>A cracking program trying to hack my GMail account has no idea how long the password is, nor does it know the character set I’m using. Does it start with a dictionary attack? If so, does it try multiple words before moving on to random strings? Does it try lowercase passwords before moving on to the full character set? If so, at what length does it stop trying lowercase passwords?
That’s a pretty good set of questions — hard to say what password will be most secure unless we know the method a potential attacker is going to use against us and the sophistication that the cracking software has.