All crypto is just as strong as your password. 

There are different philosophies... but one everyone is sure about: 

**The longer, the better.** https://xkcd.com/936
{{:wiki/password_strength.png?nolink |}}

  * Do not use the same password everywhere! 
    * Have at least different security-levels in passwords, e.g. a basic one for strange webservices you dont trust at all, some more, and at the end the strongest one in different combinations for you most important things!)
  * Do not use any words from a dictionary! 
    * This can be discussed, see e.g. the comic
  * Add some special characters!
    * This can be discussed, see e.g. the comic
  * A good thing is to mix up languages and letters in one sentence. 

  * You find a nice text and how-to at [[https://securityinabox.org/en/chapter-3 | security-in-a-box]]:
    * Make it long
    * Make it practical
    * Don't make it personal
    * Keep it secret
    * Make it unique
    * Keep it fresh

  * Some Information on password strength is here: http://en.wikipedia.org/wiki/Password_strength

  * And here is [[http://www.iusmentis.com/security/passphrasefaq/ | the passphrase FAQ]]