Here are some interesting statistics on how long it takes someone with the wrong intentions (in other words a hacker) to obtain your password.  It really makes sense to use a mix of Upper and Lower Case letters but numbers and symbols and increasing the length of your passwords really ramps up your security level. Also, no common words – probably no real words – and do not use the same password for all of your accounts.

Most-used passwords: 123456, password, 12345678, qwerty, abc123

Time it takes a hacker’s computer to randomly guess your password:

Length: 6 characters
Lowercase: 10 minutes
+ Uppercase: 10 hours
+ Nos. & Symbols: 18 days

Length: 7 characters
Lowercase: 4 hours
+ Uppercase: 23 days
+ Nos. & Symbols: 4 years

Length: 8 characters
Lowercase: 4 days
+ Uppercase: 3 years
+ Nos. & Symbols: 463 years

Length: 9 characters
Lowercase: 4 months
+ Uppercase: 178 years
+ Nos. & Symbols: 44,530 years

Average amount it costs a business to field a phone call requesting a password reset: $10
Proportion of help desk calls that are password-related: 30%
Users who choose a common word or simple key combination for a password: 50%

Data: Gartner, Forrester, Duo Security, Imperva, LastBit Software