We use a modern password system the same as dropbox.com described here.
Essentially the best passwords will be long and hard for a computer to guess (like 'horses are blue' or 'i am the aardvark')
The great thing about these passwords is that they can be easy for a person to remember but really hard for a computer to guess.
The old-style passwords where you are given a set of rules where you have to use 8 characters with capitals or characters like $%^& actually give computers a nice set of rules which make it really easy for a machine to break these passwords.
We mostly don't allow passwords that are too short or that include the most common passwords used by people (like password123 or monkey or similar)
Using a short random sentence will be the best or anything longer than 8 characters like 'cloudsareblue' will work.
The premise for this is based on the idea that the only 'true' security in password generation is the length. not mixing characters (a-zA-Z) with specials (!@£$%^&*()).
So based on length alone, it will take longer for a computer to brute force an attack.