Most of the traditional password advice out there is a little dated. Strong passwords are the number one suggestion, selling the idea that your computer is in most peril from hackers: actual people sitting at a screen somewhere trying to crack your account themselves. But these same passwords do absolutely nothing to protect online users from attacks like keylogging and phishing, while putting a measurable burden on users.
It's still true that weak passwords practically invite brute-force attacks. But so long as the "three strikes" rule is in place, passwords of moderate strength, at about 20, are entirely sufficient to make hacks on a single account unrealistic. Above that minimum, increasing password strength does very little to address any real threat.

Courtesy of slashdot.com