Came across this nice snippet on WSJ:
(via: Rajesh Jain of emergic.org)
I came across this article by Jeremy Wagstaff which is still as relevant today:
Base the password on mnemonics or acronyms, not words or names. Use your favorite song titles, movies, football teams as starters. It's got to be something that you know a lot about, but not something that other people can find out about you -- such as your birthday, your place of birth, or your kids' names. The first letters of the movie The Year of Living Dangerously, for example, could be used in conjunction with its two main stars, Mel Gibson and Sigourney Weaver, to read "tyoldmgsw."
That's just the start. Now you have something you can remember, but it's still just basic letters. You need to turn some of them into numbers, punctuation symbols and capitals. Try turning the "o" into a similar-looking zero, the "l" into a one and the "s" into a five. That would give you "ty01dmg5w" which is a lot better, and still easy to remember, since the numbers are similar to the letters they've replaced.
This, sadly, is still not good enough. The people who write hacking programs are on to this kind of trick, so your password is still vulnerable. It needs an extra trick or two. Try capitalizing the family-name letters, alter the 0 to similar-looking bracket marks (), and move the numeric characters one key to the left on your keyboard.
If your passwords are as good as that, then you should be safe. But there's still a weakness, and it's still human. Never give your passwords to anyone, don't reuse them for different accounts, and change them every few months. Store them on your personal digital assistant if you like, but remember that, even if it's in a well-encrypted file, all your valuable information is just one password away from being accessed by someone. If they steal your device, chances are they're eager enough to try to crack the password protecting all your passwords. Passwords are better kept in your head, triggered by things you'll never forget.