If one must absolutely use passwords with Windows (not sure why anymore) and not pass phrases, and the password needs to be highly secure, you don’t get much better than using non-printable characters. Both of these posts go into detail on using non-printable characters to thwart most password cracking tools.
Microsoft, of course, even weighs in on their password suggestions.