The most recent edition of Law Pro Magazine has some good tips on the use of passwords.

One good tip that isn't in the article is to use a base password that you modify for each website/service. I have a couple patterns that I modify by using letters from the domain that the password is for (e.g. the password for eBay would be "PasswordEba", and for Gmail it would be "PasswordGma"). This technique can help avoid the risk of your password being stolen from one site and applied to all of your other accounts.