03-06-2007, 12:49 PM
#10
RaZoR^
My passwords are 14+ characters, combinations of uppercase, lowercase, numeric and symbol characters. The symbol characters include the ones on the standard UK keyboard and at least 1 special symbol such as ™ or something that has to be keyed in using Alt Codes.

If you have a Windows account, you want a password 8+ characters. If your password is 7 characters or less (very odd algorithm), then your NTLM hash doesn't need to be split. If it's over 7 characters, then the hash is split into 2 parts and each part is decrypted, then the string is fixed together again. It's a strange algorithm, but that's M$ for you!!

Security-wise, don't store your passwords anywhere really. You can make a tool, too, that searches all files as raw text just as easily as you could make a dictionary-attack or brute-force attack.

For brute-force attack prevention, simply make your password longer. A brute-force goes through every combination possible; the longer your password, the more combinations it could be. For passwords that are, say, 10 characters long, it can take years upon years to brute-force a password.

If you REALLY have to store your passwords in encrypted format in a file somewhere, then salt the hash and keep a copy of the salt you used. The same rule applies to sites, although if you're salting your passwords then you also have the choice of using a randomly generated salt and store the salt alongside the hash in the database.

Geesh Impluo, you little social engineer!! Yeah, you must also remember that if you have a password which can be recovered by entering your personal data and/or a secret question, then you need to keep the answer secure, even unrelated, maybe enter fake data (remembering what you entered somehow) or use a different password for the email account that the new password or the recovered password will be sent to.
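The per-record random salt stored alongside the hash, as the post suggests for sites, worked through as an added example (not code from the post or from any project it mentions). The choice of PBKDF2-HMAC-SHA256 from Python's hashlib, the 16-byte salt, and the `pbkdf2$iterations$salt$hash` record format are my assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumptions (not from the post): PBKDF2-HMAC-SHA256 as the slow hash,
# a 16-byte random salt per record, and the record format
# "pbkdf2$iterations$salt_hex$hash_hex" so the salt travels with the hash.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record; the salt is kept next to the hash."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the salt read back from the record and
    compare in constant time; malformed records simply fail to verify."""
    try:
        scheme, iterations_str, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2":
            return False
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def same_password_distinct_records(password: str) -> bool:
    """Two users who pick the same password get different records, so a
    cracked hash for one reveals nothing about the other (the reason for
    a random salt per record rather than one site-wide salt)."""
    return hash_password(password) != hash_password(password)
```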