Updating our info on password security from here: All About Passwords - What to Do and Not Do
It seems that very soon, thanks to gpu processor power, mixed seven digit passwords won't be good enough. It's going to take at least 12 to stop brute force attacks. Unfortunately, a lot of web sites won't even take a 12 digit password.
However, on your lan, a very important thing to do is have a server set with account lockout policies for too many retries. Aside from having a strong password, that is your best defense.
Info on the 12 digit password issue: