Discusses entropy as a measure of password strength, and includes two useful tables.
For example, a 30-character password using alphanumeric characters (mixing both small- and upper-case letters) achieves around 160 bits of entropy.

The article also includes guidelines for strong passwords, reproduced below:

• Use a minimum password length of 10 or more characters if permitted.
• Include lowercase and uppercase alphabetic characters, numbers and symbols if permitted.
• Generate passwords randomly where feasible.
• Avoid using the same password twice (e.g., across multiple user accounts and/or software systems).
• Avoid character repetition, keyboard patterns, dictionary words, letter or number sequences.
• Avoid using information that is or might become publicly associated with the user or the account, such as username, ancestors' names or dates.
• Avoid using information that the user's colleagues and/or acquaintances might know to be associated with the user, such as relative or pet names, romantic links (current or past) and biographical information (e.g., ID numbers, ancestors' names or dates)..
• Do not use passwords which consist wholly of any simple combination of the aforementioned weak components.