ColChart indicating how strong various passwords are.
Rpsu (326 ppm)@kibcol1049 While the precise brute force times of each cell can be argued one way or the other the key point is
- longer is better (think of 18+) and
- using non-ascii characters is also better (think of umlauts and punctuation)
It really doesn’t matter if cracking short and simple passwords takes hours or days, if this is what users remember.