Adding just four characters increases that time to three years. An 8-character password, for instance, would only take about three hours to crack by brute-force. Long passwords are stronger than short passwords because, as length increases, it takes exponentially longer for a modern computer to try every possible combination of characters, a technique called brute-forcing. Therefore the strongest passwords are long, random, and unique. A password’s strength is defined by how difficult it would be for an attacker to crack or guess.
