BLUFA minimum of 12 characters should be used, with longer passwords being better.
- A GPU could crack all possible 8-character combinations in under an hour.
- Passphrases with four or more random words are the most secure.
- Password length is more important than complexity.
- Passwords should be truly random, with strength measured by entropy.