Mind you, I think GRC are the good guys, but I'm not sure this concept works.

The best form of passwords is a series of random words. Not stuff like word+number+sign, but stuff like "packbatteryhorses". It's easy to remember: Just think of a pack of battery-powered horses.

Or use a line from a song.

it's the length of the password-- the longer it is, the tougher it is to crack.

The other things that affect crackability are the number of characters in the pool of characters used, and whether or not they are repeatable.

With passwords, it's called a permutation. It's a permutation where repeatabililty is allowed but the order is required. The formula is n to the power of r, where n is the number of characters and r is the number of characters to choose from.

http://www.mathsisfun.com/combinatorics/combinations-permutations-calculator.html

So, an 8 character password using digits 1 to 0 has 100,000,000 possibilities. A computerized code-cracker could list all of them in seconds and try as quickly as the password app allows.

Add 52 upper and lower case letters to the mix and you get 2.1834010558e+14 possibilities. Much bigger.

Use a 10 character password and it goes up to 8.3929936586e+17 even without using commas and ampersands.

Use that 10 character password with the entire 255 ASCI set and you get 1.1625236701e+24 which is a truly large number.

But, just increase the password to 20 alphanumeric characters, like a favorite quote or TV show you can easily remember, and you get 9.1994219715e+34 That's getting up there with atoms in the universe.

But, this is not how personal passwords are stolen, so it's more important to just be careful with them.