The highest length of time to crack an 8 character password from NTLMv2 hash with a mere single mid-range GPU.
Longer passwords are better but you don’t need to go overboard. Adding just one more character to make a 9 char mixed-case, letters, digits and symbols increases the maximum time to solve from a year to 84 years!
That’s for a ‘brute force’ attack which tries all possible combinations.
Longer but not predictable
Any hacker will first try the still too common passwords like ‘
1234567890‘ or other combinations.
In practice, you should have a properly unique password with a Mixed-case letters, numbers and a symbol or two for example ‘
Two factor is even better
Office-Watch.com has strongly pushed the use of two-factor authentication for the important accounts like email and banking including Microsoft, Google and Facebook logins.
Two-factor authentication is a better choice than a longer or more complex password.