There’s a new chart from Hive Systems that you can use to determine how resistant your password is to brute-force cracking.
Keep in mind that this is a moving target. As processor power increases and new technology arrives, brute-force attacks get faster. So if you have a similar chart published a couple of years ago, it’s likely already out of date. That’s why they included the year at the top of the chart.
It’s easy to use: find the intersection of your password’s length with its character combination.
So, for example, ‘718462’ can be cracked instantly, as can ‘xgts’.
Note that this chart does not show the effect of dictionary attacks, which are typically tried before the brute-force approach. A dictionary attack tries to guess a password based on a list of common passwords.
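The arithmetic behind a chart of this kind, with the dictionary check applied first, is sketched below as an added example; it is not code from Hive Systems or from this post. The guess rate and the short common-password list are constructed assumptions, so the results will not match the chart's figures.

```python
import string

# Assumed attacker speed in guesses per second. A made-up round figure,
# not the rate behind the Hive Systems chart; raise it to model faster hardware.
ASSUMED_GUESSES_PER_SECOND = 10**10

# Constructed sample of a common-password list; a real check would load a large one.
SAMPLE_COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111"}

CHARACTER_CLASSES = (
    (string.digits, 10),
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.punctuation, 32),
)

def alphabet_size(password):
    """Size of the smallest alphabet, by character class, that covers the password."""
    size = 0
    for chars, count in CHARACTER_CLASSES:
        if any(c in chars for c in password):
            size += count
    # Characters outside the four ASCII classes are not modelled here.
    if any(not any(c in chars for chars, _ in CHARACTER_CLASSES) for c in password):
        raise ValueError("password contains characters outside the modelled classes")
    return size

def keyspace(password):
    """Candidates an exhaustive search must cover for this length and alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate; 0 if the dictionary pass would find it first."""
    if password.lower() in SAMPLE_COMMON_PASSWORDS:
        return 0.0
    return keyspace(password) / rate

def describe(seconds):
    if seconds < 1:
        return "instantly"
    for unit, length in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.0f} {unit}"
    return f"{seconds:,.0f} seconds"

if __name__ == "__main__":
    for pw in ("718462", "xgts", "password", "Tr4ffic-Cone-Lamp!"):
        print(f"{pw!r}: {describe(worst_case_seconds(pw))}")
```

Each extra character multiplies the keyspace by the alphabet size, which is why length moves a password across the chart faster than adding one more character class does.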
If your password is in the red or purple areas, you should really think about making it longer and more complex. Longer, more complicated passwords are also more difficult to remember, especially when you use a different password for every site and service (and you really should), but there’s a simple solution to that: use a password database.
I use both Password Corral, which is a free, standalone Windows program, and 1Password, which is not free, but has some useful features.
Given that most of the web-based password managers have been hacked at one time or another, I still recommend using standalone software if possible.