As I said in some reply to a password issue on this forum earlier, strong passwords are at least 15 characters long and it doesn't matter much if there are uppercase and lowercase letters and special characters mixed. Putting special characters in the middle of password may give you some edge for your monitoring software to discover attackers while the password problem is more complex for software like Bruteforce.

To my knowledge the cheapest software (freeware) give up the pasword cracking task when password length is 14 chars long and to be on the safe side use always at least 15 characters with passwords.

The "easy to remember password requirements" chapter is good when the length is raised to 15 chars and one should use a password sentence instead of a password.

By the way this is a very good password for sa :

DECLARE @pass char(72)

SELECT @pass=convert(char(36),newid())+convert(char(36),newid())

EXECUTE master..sp_password null,@pass,'sa'

GO

Why..? Well, where do you need sa's password, nowhere.

Don't work easy, work safe.