Agile Blog | Better Master Passwords: The geek edition
The strength of a password creation system is not how many letters, digits, and symbols you end up with, but how many ways you could get a different result using the same system.
Depending on what sort of access the bad guys have, they can test from 1000 passwords per second to hundreds of thousands per second.
Together these facts lead to a system to form passwords a human can remember and a computer finds difficult to crack.
Thanks Jeff Goldberg!