In case you were not aware, OS X has a limit of eight characters for login passwords. This is not a "hard limit" (i.e., you can keep typing after eight characters), but rather a "soft limit": OS X will only pay attention to the first eight characters of your password, and anything beyond that is ignored. So even though you think "pastrami3tZ8n" is a secure password, it's really just the word "pastrami", which isn't secure at all.
For the most secure OS X password possible, you should:
- Use a long password, up to eight characters, but don't bother going over that. A reader on the X4U mailing list pointed out that many cracking algorithms start at eight characters, as this has been an upper limit in UNIX for quite a while. So use what you're comfortable with, but in general, longer should be better.
- Mix numbers and letters.
- Mix upper and lower case.
- Do not use dictionary words.
- Do not use 'familiar' words such as the names of pets, kids, or other relatives, birthdates, anniversaries, etc.
- Do not use the same password on your machine that you use online; most online web passwords are not encrypted, and can be intercepted.
- Plan on changing your password regularly; change the length and mix of characters; don't just change the ending digit (i.e., don't go password1, password2, password3, etc.).
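The sketch below is an added example, not code from the original tip or from OS X. It models the eight-character soft limit described above and applies the checklist to the part of the password that is actually checked. The salted SHA-256 record is a stand-in for the real login hash, and `WORDLIST`, `effective`, `store`, `verify` and `audit` are hypothetical names introduced for illustration.

```python
import hashlib
import hmac

SIGNIFICANT = 8  # characters the article says the login check honours

# Constructed mini wordlist; a real audit would load a full dictionary file.
WORDLIST = {"pastrami", "password", "computer", "sunshine"}


def effective(password: str) -> str:
    """Return the part of the password that is actually checked."""
    return password[:SIGNIFICANT]


def store(password: str, salt: bytes) -> bytes:
    """Stand-in verifier record: salted hash of the significant prefix only."""
    return hashlib.sha256(salt + effective(password).encode()).digest()


def verify(attempt: str, salt: bytes, record: bytes) -> bool:
    """Constant-time comparison of the attempt against the stored record."""
    return hmac.compare_digest(store(attempt, salt), record)


def audit(password: str) -> list[str]:
    """Apply the article's checklist to the effective password, not the typed one."""
    eff = effective(password)
    findings = []
    if len(password) > SIGNIFICANT:
        findings.append(f"{len(password) - SIGNIFICANT} trailing characters ignored")
    if not (any(c.isdigit() for c in eff) and any(c.isalpha() for c in eff)):
        findings.append("effective password does not mix numbers and letters")
    if not (any(c.islower() for c in eff) and any(c.isupper() for c in eff)):
        findings.append("effective password does not mix upper and lower case")
    if eff.lower() in WORDLIST:
        findings.append("effective password is a dictionary word")
    return findings


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    record = store("pastrami3tZ8n", salt)
    print("login with 'pastrami' accepted:", verify("pastrami", salt, record))
    for pw in ("pastrami3tZ8n", "p3aZt8rn"):
        print(pw, "->", audit(pw) or "passes checklist")
```

Placing the digits and mixed case inside the first eight characters is what lets the second sample pass, while the first fails every check despite being longer.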
NOTE: The info above regarding the eight character password limit is no longer true. See the comments; it has been removed...

