The length, compexity, written down, memorized. It realy is not that important. What is, is how fast you can realise and then react to compromisation. All passwords can be extracted, either by theft, cracking, guessing, socialengineering, coercian, etc.etc. Its not the password that is important, its the password holder and his attitude to security.

It matters not whether a password is memorised, if the holder gives it out for a free coffee or if written down, if left for all to see.