Here's a link to help you understand the implications of what they discovered and made public in August of 2010:
Where seven-character passwords have now been classified as "hopelessly inadequate", the researchers involved in the study concluded that twelve-character passwords would require more than 17,000 years to crack with today's technology.
The Duh Factor
Of course, length alone doesn't make a password good if the password is predictable or easy to guess. LadyGaga isn't a good password for anyone, and is even worse for a devoted fan. 1234567890 is never good, even though it has ten characters, and password1234 isn't much better, even though it has twelve.
Passwords should not be guessable, predictable, or reusable. They should never be based on words you'd find in the dictionary -- of any language whatsoever. Common letter substitutions like 0 for "o" and 4 for "a" really don't make much difference.
Most security experts agree that passwords should be easy to remember, but hard to guess. The "easy to remember" part means you shouldn't get yourself locked out of systems you need to use, nor should you be tempted to write your passwords on anything in your work area. Writing down password clues can be acceptable, especially if the clue that jogs your mind wouldn't allow someone -- even someone who knows you well -- to reconstruct your password.
One option for ensuring password complexity is to use the really tough passwords that password safes generate. You won't remember passwords like GdzIQaZyVaFgbh7dlu46 (that's 20 characters!). In fact, they can be painful to use at all unless you can copy and paste them as you log in. But they'll be remarkably difficult to crack. This can be a good approach for those passwords you only need to use now and then, but likely not for those you use many times every day.
If using a password safe, you need to be very careful when selecting the password you will use to open the safe. If it's one you won't remember, you can lose access to all of your stored passwords. If it's not a good password, all of your accounts could be at risk. Both your login password and the one you use to unlock your safe should be well constructed (adequately long and complex) and memorable.
For those passwords you have to remember, picking a phrase like "I want to be at the beach" and encoding it as "iw2b@theBeach" might work just fine. "I want to see you at Chuck E. Cheese's" could be "iw2cu@ChECh!". Even your friends who know you hang out at Chuck E. Cheese's aren't likely to guess this password. Plus you could adopt the "iw2b@" or "iw2cu@" phrase as a theme for some period of time, adding various endings for different systems.
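As an added illustration of the rules above (example code written for this page, not anything from the original article), here is a small policy check that applies them to the article's own examples: a minimum of twelve characters, rejection of counting and keyboard runs, and rejection of passwords built on a dictionary word even after the 0-for-o and 4-for-a style substitutions are undone. The word list, the run table and the 60% word-coverage threshold are assumptions constructed for the example; a real check would load a full dictionary.

```python
# Constructed mini word list for the example; a real check would load a full
# dictionary (and, as the article says, dictionaries of other languages too).
DICTIONARY = {"password", "ladygaga", "lady", "gaga", "beach"}

# Undo the common letter substitutions the article says add little strength.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Counting and keyboard runs; any 4-character slice of these (or their reverse)
# is treated as predictable, which catches 1234567890 and the 1234 in password1234.
RUNS = ["1234567890", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

MIN_LENGTH = 12      # the article's twelve-character threshold
WORD_FRACTION = 0.6  # assumption: a word covering this much of the password means it is "based on" it

def find_run(password, min_len=4):
    """Return the first predictable run of min_len characters found, else None."""
    lowered = password.lower()
    for run in RUNS:
        for r in (run, run[::-1]):
            for i in range(len(r) - min_len + 1):
                if r[i:i + min_len] in lowered:
                    return r[i:i + min_len]
    return None

def find_base_word(password):
    """Return a dictionary word the password is essentially built on, else None."""
    norm = password.lower().translate(LEET)  # so p4ssw0rd is compared as password
    for word in sorted(DICTIONARY, key=len, reverse=True):
        if len(word) >= 4 and word in norm and len(word) / len(norm) >= WORD_FRACTION:
            return word
    return None

def check_password(password):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"only {len(password)} characters, need {MIN_LENGTH}")
    run = find_run(password)
    if run:
        problems.append(f"contains predictable sequence '{run}'")
    word = find_base_word(password)
    if word:
        problems.append(f"based on dictionary word '{word}'")
    return problems

if __name__ == "__main__":
    for candidate in ["LadyGaga", "1234567890", "password1234", "iw2b@theBeach"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```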