Read an interesting article on BBC technology website (see Call to improve password security). GPU harness much power to crack simple passwords of length seven characters or less by brute force attack. It suggests the password of 12-character length consisting of upper or lower case letters including digits and symbols can be considered safe. Equally such passwords are not easy to remember. Experts suggest phrasal based password are easy to remember :)
This reminds me of Rainbow Tables (see wiki link) which are capable of finding 8-character or less MD5 hash based password via table look up.