There are many articles describing how to make a password more secure. They usually suggest using letters, symbols, and so on, to increase the complexity of the password, such as is the case with this article by Apartment Therapy.
There is also an argument that simply increasing the length is the best way to achieve password security, such as described in the vaunted 936th xkcd comic.
However, these techniques only increase the security of the password from an outsider's perspective by making it harder to guess. What about the security of the password when stored on the remote site? The best password in the world is no good if the site itself isn't secure, or if they store it in plain text somewhere.
One giveaway that a site probably stores your password in the clear is when they enforce a maximum length on the field. This probably indicates that they store passwords in a database column and the max password length is the size of that database column.
Secure sites don't store your password in the clear at all. Rather, they pass it through a one-way encryption algorithm such as SHA-1, and store the encrypted value. When you sign in with your password, the password you type is encrypted with the same algorithm and compared to the encrypted value.
To add security, these sites will often add a "salt" value to this algorithm, meaning that even if an attacker steals the encrypted passwords and manages to guess a value that encrypts to the same value as one of the stored passwords, it won't work because the stored passwords are created with a combination of the typed password and the salt value.
So it is useful to have a secure password, but keep in mind the security of the site you are using the password for. If they store passwords in the clear in a database, I wouldn't use that password for anything terribly important.