And let's not forget....

The password is only HALF of the security in use! Usernames form the other half. If usernames are easily guessed, or given away, then that is half the battle won for a potential intruder.

I agree with other posters that passwords should comprise ANY character available! Extended, Capital and numeric. Setting weak passwords only encourages intruders, and when they break ONE, they will probably attempt more, based on the ease of breaking the first.

There are several good tools that you can use to evaluate password strength, and most have already been mentioned here. Make your passwords hard, change them regularly, and most importantly, harden your network. If your security posture is open to attack, don't stop to ask "Why Me?" when you get hit. OK, you have a firewall! But is it configured correctly? What about your perimeter router? Access Lists?

sorry for the rant! ;-)