How long should a password be in 2023? You're asking the wrong question

Summary

KEY POINTS:

1. A GPU could crack all possible 8-character combinations in under an hour.
2. Passphrases with four or more random words are the most secure.
3. Password length is more important than complexity.
4. Passwords should be truly random, with strength measured by entropy.

References

• Media Check: ZDNet - Media Bias/Fact Check (HIGH CREDIBILITY)
• Collections |The Runway (airforce.gov.au)
• ADDITIONAL READING RAAF RUNWAY (PME)
• RAAF RUNWAY: RATIONALE, GUIDELINES, LEARNING OUTCOMES, ETC