All crypto is just as strong as your password.

There are different philosophies… but one everyone is sure about:

The longer, the better. https://xkcd.com/936

• Do not use the same password everywhere!
  • Have at least different security-levels in passwords, e.g. a basic one for strange webservices you dont trust at all, some more, and at the end the strongest one in different combinations for you most important things!)
• Do not use any words from a dictionary!
  • This can be discussed, see e.g. the comic
• Add some special characters!
  • This can be discussed, see e.g. the comic
• A good thing is to mix up languages and letters in one sentence.

• You find a nice text and how-to at security-in-a-box:
  • Make it long
  • Make it practical
  • Don't make it personal
  • Keep it secret
  • Make it unique
  • Keep it fresh

• Some Information on password strength is here: http://en.wikipedia.org/wiki/Password_strength

• And here is the passphrase FAQ