I would like to up-the-notch on my security practices and try to start using "Pass-Phrases" instead of a simple "Password". (A friend told me that using "password123" isn't as secure as I once thought?!)

1.) How long does a Pass-Phrase have to be, to be effective?

2.) If it is long enough, can it be a simple English sentence, or does it have to be... "AG13 di%n@#md394786!!*dkDHpnwQ"?

3.) What are some practical tips for remembering it?

4.) Any other bits of wisdom you security experts can share?