Ars Technica has an excellent article
on the state of password security. It used to be that if you had a password with a mix of lower and upper case letters that was at least eight or nine characters long you were pretty secure. However over the past several years, the art and science of password cracking has changed considerably. The bottom line is you and your organization may be more at risk than you think. If your passwords aren't at least 13 characters long, you're not using randomly generated passwords for sensitive accounts and information, and you don't know what KeePass or Password Safe are, be sure to read the article.