In spite of contemporary thought about password security, which says that the most secure passwords are those with maximum entropy (or, in this context, randomness), Steve Gibson of GRC, who provides us with "Perfect" Passwords, has now announced his new perspective on password strength: length.
He explains that, because of the way would-be crackers attempt to brute-force passwords (in the absence or failure of easier methods, such as social engineering; google "phishing"), just a tiny bit of variation is required, given sufficient length. He provides this dramatic example:
Since they both contain at least one each of lowercase letters, uppercase letters, numbers, and symbols, the first, simpler password is more secure due to its length. It seems we no longer need to concern ourselves with painfully long strings of nonsense to remember for our security; just a small string of nonsense will be enough if we "pad" it sufficiently with something easy to remember.
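The length argument above can be checked by counting the brute-force search space directly. This is an added example, not code from the original post or from GRC; the two sample passwords are constructed here (they are not the pair from the example above), and the 95-character printable-ASCII alphabet and the guess rate are assumptions.

```python
import string

# Printable-ASCII character classes; 26 + 26 + 10 + 33 = 95 symbols in total.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

def alphabet_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    if not password:
        raise ValueError("empty password")
    used = set()
    for ch in password:
        name = next((n for n, chars in CLASSES.items() if ch in chars), None)
        if name is None:
            raise ValueError(f"character outside printable ASCII: {ch!r}")
        used.add(name)
    return sum(len(CLASSES[n]) for n in used)

def search_space(password):
    """Candidates tried when every length from 1 up to len(password) is searched."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def years_to_exhaust(password, guesses_per_second):
    """Worst-case search time in years at an assumed, constant guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)

# Constructed sample passwords (not the pair from the original example).
SHORT_RANDOM = "q7#Zp2!Kd9&m"        # 12 characters, all four classes
LONG_PADDED = "Cat5" + "!" * 16      # 20 characters, all four classes

if __name__ == "__main__":
    rate = 1e11  # assumed guesses per second, for illustration only
    for pw in (SHORT_RANDOM, LONG_PADDED):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"space {search_space(pw):.3e}, "
              f"{years_to_exhaust(pw, rate):.3e} years")
```

The count models exhaustive search only, which is the case the post describes; it does not measure resistance to dictionary or pattern-based guessing.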
I think it's time to re-evaluate my passwords. Read more at: