Harry Waldron has an interesting post. He's been doing some testing, and he can show that a longer password is harder to crack than a short complex password. We've been using passphrases for some time in our offices - collections of words and spaces like It's Almost Time to File Taxes that are actually quicker to type than the short complex password you might create from them (try it - compare that sentence, which to my knowledge has never been a password on my network, but could have been, with Iattft, a short password made from the first letters of each word.) I actually went to passphrases for this reason - they're quicker to type and easier to get right. Now I know that they're also harder to crack. Nice!