Paul Rubens writes in enterprisenetworkingplanet.com.
If you choose a password made up of 60 random characters, it would take a hacker billions of years to crack it by brute-force. Pretty good security, all in all. But since a password like that would be impossible to remember, it’s not really practical for most end user applications. So how long should your corporate password policy specify that a password should be?
Read the article.