It helps, but "dictionary" in this case refers to a hacker-compiled dictionary, not an "official" one, and they often include common misspellings and substitutions like using a 0 in place of an o. There are also partial dictionary attacks that use some wildcard characters.
Fluger's suggestions are good against any method I know as long as you get them up above about 9-10 characters (8 characters is brute-forceable with current tech, and 9-10 probably will be before too long). Including at least one special character probably helps.
Other tips:
- The first character is the most common place to put a capital letter. Put one somewhere else. If using real words, put a capital somewhere in the middle of a word.
- Similarly, the last character is the most common place to put special characters. Put one somewhere else. Again, good to toss one in the middle of a real word if you're using them.
- Four letters followed by four numbers is very common, and those combos are often checked first. Particularly avoid runs of four numbers corresponding to years in the last hundred years or so (1964, etc.), lots of people use those.
- If you're using something that you won't remember trivially, write it down, but keep it somewhere other than your computer desk or other sensitive documents.
The most secure way to go is with password management software, but that involves its own hassles and costs money and some people don't want to deal with that.
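To see what those heuristics look like in code, here is a small self-check added here (not from the thread or anyone in it) that flags the patterns the post above warns about. The substitution map, the tiny wordlist and the 2024 cutoff year are constructed assumptions, not a real cracker's dictionary.

```python
import re

# Assumed substitutions a rules-based dictionary attack would undo
# (the post mentions 0 for o; the rest are constructed examples).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "@": "a", "$": "s", "5": "s"})

# Constructed mini wordlist standing in for a cracker's dictionary.
WORDLIST = ("password", "hello", "summer", "dragon", "welcome")

def check_password(pw: str, wordlist=WORDLIST, current_year: int = 2024) -> list[str]:
    """Return descriptions of the weak patterns found; an empty list means
    none of the patterns discussed in the post were spotted."""
    issues = []
    if len(pw) < 10:
        issues.append("shorter than 10 characters")
    if not re.search(r"[^A-Za-z0-9]", pw):
        issues.append("no special character")
    # Capital only in the most common spot: the first character.
    if pw[:1].isupper() and not any(c.isupper() for c in pw[1:]):
        issues.append("only capital is the first character")
    # Special character only in the most common spot: the last character.
    if pw and not pw[-1].isalnum() and all(c.isalnum() for c in pw[:-1]):
        issues.append("only special character is the last character")
    if re.fullmatch(r"[A-Za-z]{4}\d{4}", pw):
        issues.append("four letters followed by four digits")
    # Any run of four digits that reads as a year in the last hundred years.
    for m in re.finditer(r"\d{4}", pw):
        if current_year - 100 <= int(m.group()) <= current_year:
            issues.append(f"contains a year ({m.group()})")
    # Undo the substitutions, then look for dictionary words.
    normalized = pw.translate(LEET).lower()
    for w in wordlist:
        if w in normalized:
            issues.append(f"contains dictionary word '{w}' (after undoing substitutions)")
    return issues
```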