For most people, passwords are just that... WORDS. You've probably heard that the best thing to do when setting a password is to make it contain uppercase and lowercase letters as well as numbers. This is true: you shouldn't really set a password all in one case. The more you mix it up, the longer it would take to be compromised.
For example, an 8 character password containing just lowercase letters could take just 35 minutes to be compromised (by a brute force attack trying 50,000 words per second).
Just by including uppercase letters and numbers in your 8 character password, it would take up to 26 days to be compromised by the same attack.
Now, if we started to use phrases instead of words for passwords, the time it would take for a password to be hacked by a brute force attack increases dramatically.
For example, if you had an 18 character phrase, i.e. Dude wheres my car (yes, you can use spaces in passwords, with the exception of maybe some really old applications!), then even though it contains no numbers, because it is 18 characters long it would take up to 104333382734833680 years to be compromised by the same brute force attack!!
If we added a number and symbol to this passphrase to add more complexity, i.e. Johnny 5 is alive!, it would take up to 1423490954898503700 years!
Conclusion: So even though it's a bit of a pain to type more in on the keyboard, the above stats speak for themselves. Consider using PASSPHRASES for all your passwords (home computer, Facebook, email, work system etc.) as it makes them more difficult to hack... AND IT DOES HAPPEN! It's happened to me on both my email and PayPal accounts in the past.
P.S. (common sense) never use 'Password', 'Password1' or any other variation; these are amongst the first any hacker will try!
All stats taken from http://lastbit.com/pswcalc.asp and are based on 50,000 words per second and 2000 computers/programs performing the brute force attack. Note there are other, possibly more effective attacks out there.
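
The arithmetic behind the 8 character figures above, as an added example that is not part of the original post or the lastbit calculator: worst-case time is charset size to the power of length, divided by the guess rate given in the stats note. The character-class model and the two-entry denylist are assumptions made here, so the results for the long phrases will not match the calculator's figures digit for digit.

```python
import string

# Rate from the page's stats note: 50,000 guesses/second on each of 2000 machines.
GUESSES_PER_SECOND = 50_000 * 2000

# Constructed denylist for illustration; a real check uses a much larger list.
DENYLIST = {"password", "password1"}

# Character classes an exhaustive search would have to cover (assumed model,
# ASCII only: characters outside these classes are not counted).
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    " ",
    string.punctuation,
]


def charset_size(password):
    """Total size of every character class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def worst_case_seconds(length, charset):
    """Seconds to try every string of exactly `length` characters."""
    return charset ** length / GUESSES_PER_SECOND


def assess(password):
    """Return (verdict, worst-case seconds) for one candidate password."""
    if password.lower() in DENYLIST:
        # A wordlist finds these long before any exhaustive search is needed.
        return "denylisted", 0.0
    return "ok", worst_case_seconds(len(password), charset_size(password))


if __name__ == "__main__":
    year = 365 * 24 * 3600
    # Constructed sample passwords, plus the two phrases from the post.
    for pw in ["abcdefgh", "Abcdefg1", "Password1",
               "Dude wheres my car", "Johnny 5 is alive!"]:
        verdict, secs = assess(pw)
        print(f"{pw!r:22} charset={charset_size(pw):3} {verdict:10} "
              f"{secs / year:.3g} years")
```

These numbers are an upper bound for exhaustive search only; the denylist branch shows why a predictable password gets no benefit from its length or character mix.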