I came across this epic cartoon over at xkcd regarding the strength of passwords. The conventional line of thought is a minimum of 8 characters with a mixture of caps and special characters.
As computing power increases, passwords that are or a certain length are trivial to crack, assuming the right conditions are present.
Since not all systems are designed the same on the internet. A basic defense is to use a different password on every site that you have an account on. Without going into too many gory details, many websites do not follow best practices in how they store passwords. There are sites on the internet that store passwords in a database in plain human readable text. There are sites out there that do not lock users out after a certain amount of attempts, which paves the road for a never ending brute force attempt.