Password security is general security and is not specific to Bitcoin but a discussion is important when managing bitcoins.
Most passwords used to secure accounts are weak. They can be difficult to crack because if the account is at a web site they will normally lock you out after a few tries. Being hard for a human to guess is all you need in these cases. However, if you have a bitcoin wallet or password-protected file then there is no server to lock you out after a certain number of wrong guesses. In this case you need a complex password that can withstand a brute force computer attack.
Another problem is password re-use. So if one sites credentials get compromised then credentials for other sites where that password is re-used is also compromised.
One solution is to use a password vault such as KeePass (free). It has a password generator and a comments section for each entry. It can run from a USB drive and has a load of features and plugins, such as an automatic web login for web sites. It can be used to save all sorts of passwords such as web sites, ATM codes, software licenses, and even a bike lock code. Of course you will still need to remember a passphrase to open KeePass but that is better than trying to remember many passwords or reusing passwords in different places. Another advantage is that passwords are never actually typed in (they are generated, and then a copy and paste is used) so a keylogger will not be able to capture passwords.