What Makes a Password Good? (pave.software)
5 points by taodigital on Nov 21, 2016 | 2 comments



Its length: the longer, the better. Nothing beats an exponential! Ideally, one should use a pass phrase (a full sentence) instead of a password (a single word, no matter how complicated it is).


Yes and no.

Pass phrases are good, since (if backed by the same amount of entropy) they're easier to remember than passwords.

But for $DEITY's sake, don't use sentences. Natural human language has very, very poor entropy – especially since people gravitate towards catch phrases, song lyrics and the like, which can be (and have been[1]) very easily guessed.

That's why I put in diceware as a fallback recommendation – while dice aren't perfect, they're a very decent source of entropy.

[1] https://www.leakedsource.com/i/lastfmlong.txt
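The entropy argument in the comment above, worked through as an added example that is not part of the thread or the linked article: diceware maps five dice rolls to one of 7776 words, so each word contributes log2(7776) bits regardless of how it reads. The word list here is a constructed placeholder, `secrets` stands in for physical dice, and the one-million phrase pool is an assumed figure for illustration.

```python
import math
import secrets

DICE_PER_WORD = 5                  # classic diceware: five rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 entries

def roll_die() -> int:
    """One fair six-sided die from the OS CSPRNG (stand-in for a physical die)."""
    return secrets.randbelow(6) + 1

def rolls_to_index(rolls) -> int:
    """Map five rolls (each 1..6) to a 0-based list index by reading them as base 6."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def passphrase(wordlist, n_words, roll=roll_die) -> str:
    """Draw n_words independently and uniformly; `roll` is injectable for testing."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("wordlist must hold 7776 distinct words")
    words = []
    for _ in range(n_words):
        rolls = [roll() for _ in range(DICE_PER_WORD)]
        words.append(wordlist[rolls_to_index(rolls)])
    return " ".join(words)

def uniform_bits(choices: int, picks: int = 1) -> float:
    """Entropy in bits of `picks` independent uniform choices among `choices` options."""
    return picks * math.log2(choices)

def words_needed(target_bits: float) -> int:
    """Smallest number of diceware words reaching at least target_bits."""
    return math.ceil(target_bits / uniform_bits(LIST_SIZE))

# Constructed placeholder list; a real diceware list has 7776 actual words.
DEMO_WORDLIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(passphrase(DEMO_WORDLIST, 6))
    print(f"6 diceware words: {uniform_bits(LIST_SIZE, 6):.1f} bits")
    # A lyric or catch phrase is one pick from the pool of phrases an attacker
    # will try, however many characters it has (pool size is an assumption).
    print(f"1 phrase from a pool of 1,000,000: {uniform_bits(1_000_000):.1f} bits")
```
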



