Today's Diane Rehm Show on NPR discussed The Illusion Of Online Security, which you may find interesting as well as bewildering. Perhaps more importantly, you can find among the listener comments the link to Gibson Research's How big is your haystack? page. This deals with determining the time it takes a hacker to search for your password by trial and error etc., in which longer is better. That in turn tells you how best to construct passwords to suit your purposes. The approach used by Gibson complements what tacit mentioned above on the topic, and what the xkcd cartoon was all about. It may also help you understand why password strength meters/sites vary the way they do.

alternaut moderator
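The trial-and-error estimate discussed in the post above, as an added example that is not part of the original post or of any linked site: it counts the candidates a blind search must cover and compares that with a word-list model of the same passphrase, which is one reason strength meters disagree. The character-class sizes, the 2048-word list, the guess rate and the sample passwords are assumptions of this example.

```python
import math
import string

# Assumed character classes over printable ASCII: sizes 26, 26, 10 and 33.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def alphabet_size(password):
    """Sum the sizes of every assumed class the password draws from."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in c for c in CLASSES):
            raise ValueError(f"character {ch!r} is outside the assumed classes")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def search_space(password):
    """Candidates a blind search tries when it covers every length up to this one."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def brute_force_bits(password):
    """Strength as a character-by-character meter would score it."""
    return math.log2(search_space(password))

def passphrase_bits(word_count, wordlist_size=2048):
    """Strength when the guesser knows the words came at random from a list."""
    return word_count * math.log2(wordlist_size)

def years_to_exhaust(space, guesses_per_second):
    return space / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e11  # assumed offline guess rate, guesses per second
    samples = ["Tr0ub4dor&3", "correct horse battery staple", "a" * 20]
    for pw in samples:
        space = search_space(pw)
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, length {len(pw)}, "
              f"{brute_force_bits(pw):.1f} bits, "
              f"{years_to_exhaust(space, RATE):.3g} years at {RATE:.0e}/s")
    # Same passphrase, two models: the gap is why meters disagree.
    print(f"four-word passphrase under the word-list model: "
          f"{passphrase_bits(4):.0f} bits")
```

The brute-force figure is an upper bound that holds only if the password has no structure a guesser can exploit; the word-list figure is what remains when the construction method is known.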