No matter how difficult the password is, a security breach of the computer by a trojan keylogger will capture everything that is written to the computer.
What I did was to encrypt the wallet with an impossible to crack randomly generated password (example: r'WRVJ?G2/=Z/,f\ijAGZ#q$&0GvNB), then put it in a password protected RAR archive using another impossible to crack password and then put it on an external HDD that is connected to my PC (Online). That sounds secure enough, right?
The additional password on the WinRAR archive is only useful to keep the public addresses secret in case of theft. Receiving addresses are not encrypted by wallet encryption. This might backfire if the WinRAR archive format is changed without backward compatibility and you cannot decrypt the archive anymore.
External HDDs are generally more unreliable than internal drives, and having the wallet on an external drive that is connected to the computer and the internet gives no additional security.
I believe the only way of someone stealing my coins is to infect my PC with a very smart trojan that can record me entering the password (which I don't plan on doing as I don't intend on spending the coins anytime soon) and stealing the wallet.dat file.
Even the most basic trojans come with keylogger, file browser, remote control and remote file upload and execution functionality. This is how most thefts happen.
I will create an offline wallet with Armory on another computer that has no network connection, print a deterministic wallet backup and store it somewhere safe and hidden, create a watching-only wallet for use on the internet-connected computer and send most coins to the offline wallet on the offline computer. And encrypt the hard drive of that offline computer, with the decryption password and header key backups written down somewhere safe.
Not so hard at all if you know how to use computers.