XKCD this week had a wonderful piece of commentary about the way we choose passwords.
Four randomly chosen common English words make for a remarkably good password. Randall Munroe's example uses a word list about 2,000 words long (about 11 bits per word, since 2^11 = 2,048). The beauty of this suggestion is that you can choose any 2,000 different words you like, and even assume that the attacker knows your word list, and the result will still have about 44 bits of randomness in it, provided the four words really are picked at random rather than by you. And 2 to the 44 is a pretty damn big number.
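To make the arithmetic concrete, here is a small added example (mine, not from the post or from xkcd) that draws the words with a cryptographic RNG, computes the entropy of a passphrase from a list of a given size, and converts that into exhaustive-search time at an assumed guess rate. The word list below is a constructed stand-in for a real 2,000-word list, and the 1,000 guesses per second figure is an assumption for illustration, not a claim about any particular attacker.

```python
import math
import secrets

# Constructed sample word list. Only the list's size feeds into the entropy;
# the attacker is assumed to know the list, so the particular words do not matter.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "apple", "river", "stone", "cloud",
    "window", "garden", "silver", "monkey", "paper", "candle", "forest", "planet",
]

SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60


def passphrase_bits(list_size: int, word_count: int) -> float:
    """Entropy in bits of word_count words drawn uniformly, with replacement,
    from a list of list_size words that the attacker is assumed to know."""
    if list_size < 2 or word_count < 1:
        raise ValueError("need at least two words to choose from and one word to pick")
    return word_count * math.log2(list_size)


def generate_passphrase(words: list[str], word_count: int = 4) -> str:
    """Pick words with the secrets module (CSPRNG). Letting a human pick the
    words would invalidate the entropy estimate, because humans do not pick
    uniformly."""
    return " ".join(secrets.choice(words) for _ in range(word_count))


def exhaustive_search_years(bits: float, guesses_per_second: float) -> float:
    """Years to try every passphrase of the given entropy at the given rate
    (assumed rate; an offline attack on a fast hash could be far quicker)."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    bits = passphrase_bits(2048, 4)
    print(f"4 words from 2,048: {bits:.1f} bits")
    print(f"exhaustive search at 1,000 guesses/s: {exhaustive_search_years(bits, 1000):.0f} years")
    print("sample passphrase from the constructed list:", generate_passphrase(SAMPLE_WORDS))
```

The sample list here has only 16 words, so a passphrase drawn from it carries a mere 16 bits; the function is what matters, and it reproduces the 44-bit figure once you give it a 2,048-word list.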
This is a very similar suggestion to one made by Thomas Baekdal a few years ago, that:
"this is fun" is 10 times more secure than "J4fS!2"
I'm pretty sure that's wrong, but in a slightly subtle way.