Modern encryption methods are technically so advanced that they have no known weaknesses and that brute-force attacks (a systematic approach that tries out all possible key combinations) would last much too long. But if the password is badly chosen, there is a chance with a dictionary attack, a special case of the brute-force attack. The weak spot for both attacks is the password that has been chosen by the user.
A password should have a length of at least 20 characters or it would be less secure than the encryption method itself (usually 112 or 118-bit-keys for commonly used encryption methods). If the password were not composed of randomly chosen characters, then it would have to be even longer to provide the same amount of security.
Since the length of a password is often limited by the software (for AES256 for example, a password-length higher then 32 would provide no additional security) one should choose a combination of rarely used words: words from a foreign language, or made-up words. The components of the password should not be predictable by a person who knows about the interests and history of the attacked user.
An alternative would be to use a password generator and to memorize the generated password or store it at a secure location.
A reasonably secure password would be: 0aJ/4%(hGs$df"Y! (16 characters). However, such a password would be very hard to memorize and most people would probably write it down somewhere. An alternative that would be easier to memorize is a sentence known by the user, with some characters randomly changed, like "tHe bANANA*3 div 1/4 nICOTINE.“ Another good choice for a password would be the combination of the first characters of a memorized sentence (“Irn10%mmJ!“ is the combination of the first characters of the sentence “I really need 10% more money Joe!”.
Popular quotes from movies, books or celebrities as well as combinations of simple words, calendar dates, names of pets and family members etc. should be avoided. Such passwords can be easily cracked by dictionary attacks or attackers with some background knowledge about the user.