If you saw the recent press coverage about the hackers who managed to breach Sony's systems, you'll know that they managed to discover millions of users' passwords which were stored in the systems' databases in an unencrypted form.
Most reputable systems, including Windows itself, store your password in an encrypted form, and there's no way to reverse that encryption to discover the original password. The only option is to simply try every possible combination, in what's known as a brute force attack.
Trouble is, computers are very good at doing brute force attacks, and a decently powerful desktop computer can try tens of millions of combinations every second. Ironically, the biggest improvement to password-cracking software in recent years has come about because of the availability of hugely powerful graphics cards. With the right software, the chips that normally render 35 fps of Grand Theft Auto 9 can now crack passwords instead.
So now you know why security experts always tell you to choose a long, complicated password, which preferably contains numbers and punctuation characters rather than just letters. Because a password which consists of a combination of entries from a 26-character repertoire (a-z) is much easier to crack than if the range of characters is 52 (a-z and A-Z) or 62 (including digits too).
If you've ever wondered just how secure your favourite password is, here's a simple web site that will tell you. Just go to www.howsecureismypassword.net and start typing. As you type, the indicator is updated after every character to tell you, approximately, how long a desktop PC would typically take to crack it.
Are you worried yet?