I'm not an expert in this issue, but I have some information you
should know, if you don't know it yet.
There are a few "crackink packages" that include a virus which remains
in the system area and detects password changes, so it will know all the new
passwords. I think the only solution for this is to run a virus detection
software before changing the password.
Regarding the other kinds of "crackers", why not use a non-word
combination of letters, or letters, numbers and punctuation ? I don't think
that it would be easy to guess a password like r4t3A.k and it wouldn't
be impossible to memorize it.
Brazilian Center of Protein Sequencing
Biochemistry and Protein Chemistry Lab.
University of Brasilia