RNLockwood (224353) writes "Ars Technica published an article about password hackingin which the author explained how he learned to hack passwords using the most simple tools available to a neophyte. Hacker who do this for profit use lists of hashed passwords and user name that have been 'liberated' from companies and sold or posted at certain websites. Longer passwords grow exponentially harder to crack than short ones(it takes much, much, longer) but computing power increases much more slowly. At my work we have several passwords and the one with the most stringent requirements must be exactly 12 characters long, have upper and lower case, etc., must be changed every two months, and can't be repeated for a 24 password cycle. It's difficult to create acceptable passwords that both meet the requirements and can be remembered."
Link to Original Source