Here's a fun and simple experiment I recently did...
Some time ago I started using phrases to remember passwords. This can work a couple different ways:
1) use the first letter from every word in a sentence.
Example: The quick brown fox jumped over the lazy dog = Tqbfjotld
2) use a whole sentence as a password.
Example: The quick brown fox jumped over the lazy dog
When I attended SDSU, they required the most obtuse password rules. It was something along the lines of "must have uppercase, lowercase, numbers, and symbols. Cannot use more than 2 of each consecutively. Must be more than 8 characters." Oy... XKCD comic on this subject. I decided to test the "password strength" of a sentence on 4 various major services. I didn't use spaces, no caps, no numbers, no symbols, and the sentence only came out to 29 characters. The results are amusing. Here are screenshots:
[Screenshot: OS X 10.8.2]
I find it fascinating that Facebook hates my test password, when Google, Twitter, and my laptop all tell me it's AOK. Given Facebook's history of privacy and security issues (e.g. 1, 2) I'm not losing any sleep over it. I'm not an expert in cryptography by any means, but a 29-character password seems like it should be reasonably strong!
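As an added illustration (not part of the original post, and not any of these services' actual meters), the sketch below scores the same passwords two ways: against a composition policy like the one quoted above, and by brute-force keyspace size. The reading of the rule (no more than 2 consecutive characters of the same class), the function names, and the sample `aB1!cD2@e` are assumptions; the other two samples come from the fox sentence above.

```python
import math
import string

# Character classes a composition policy cares about.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def char_class(ch):
    """Name of the class a character belongs to, or 'other'."""
    for name, chars in CLASSES.items():
        if ch in chars:
            return name
    return "other"

def composition_check(pw):
    """List the rules violated (empty list means the policy accepts pw)."""
    failures = []
    if len(pw) <= 8:                      # "must be more than 8 characters"
        failures.append("length")
    present = {char_class(c) for c in pw}
    failures += ["missing " + n for n in CLASSES if n not in present]
    run, prev = 0, None
    for c in pw:                          # assumed: max 2 in a row per class
        cls = char_class(c)
        run = run + 1 if cls == prev else 1
        prev = cls
        if run > 2:
            failures.append("run of more than 2 " + cls)
            break
    return failures

def brute_force_bits(pw):
    """log2 of the keyspace an exhaustive search over the used classes covers.
    This is an upper bound: a sentence of dictionary words is far easier
    to guess word by word than the figure suggests."""
    used = {char_class(c) for c in pw} & set(CLASSES)
    alphabet = sum(len(CLASSES[n]) for n in used)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    # Constructed samples: the two schemes from the post plus a compliant one.
    for pw in ("Tqbfjotld", "thequickbrownfoxjumpedoverthelazydog", "aB1!cD2@e"):
        print(pw, round(brute_force_bits(pw), 1), composition_check(pw) or "accepted")
```

The policy accepts only the 9-character sample, while the keyspace estimate ranks the long lowercase sentence highest, so two meters built on these two ideas would give opposite verdicts on the same input.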