Do Not Use Real Words

Unless It Is A Very Long Word

From Tony Bradley, CISSP-ISSAP, former About.com Guide

In general, it is good advice to not use any real words as your password or even part of a password. Using common password cracking tools, an attacker can crack the password 'february' in a micro-fraction of the amount of time it would take to crack 'f1djt&9B' even thought they both have 8 characters.

Another trick though is to just make the password very long. Longer passwords take longer for password cracking tools to guess, as a general rule of thumb. Using 'MyNameIsTonyBradley' is more secure than 'S3cur!ty' even though the second one uses a greater diversity of uppercase, lowercase, number and special characters.

Anything more than 7 characters is a good start. To assure a higher level of security, you should choose passwords or passphrases that are 15 characters or more.

Creating Secure Passwords
How to Choose a Good Password
Linux System Administrator's Guide - Access control
Basic Linux Operations FAQ
Linux Newbie Administrator Guide - 4.2 Users, passwords, file permissions, ...