Passwords are the most common security control in use, yet the way they work is little understood. Raising awareness is key to improving staff acceptance of the enterprise's password policy. Understanding why password construction matters, how information systems store and use passwords, and just how password crackers operate will go a long way toward making sure the enterprise's passwords are a point of strength, not a point of weakness.
The two significant factors in the construction of a strong password are length and complexity. Length is simply the number of individual characters used in the password, while complexity refers to the number of different characters that could potentially be used in creating it. Of the two, complexity is far more important to password strength than length. A little mathematics bears this out.