This article was written in August of 2007. Computers are dramatically faster than they used to be. Also, some bad guys are using botnets for password cracking. This means that some bad guys can apply several orders of magnitude more computing power to password cracking than they were able to when the article was written.

Unfortunately that means that some of the conclusions of the article are dangerously wrong. It's hard to get a true consensus on passwords from the thought leaders in the IT security industry, but in general an eight character password with three out of the four possible types of characters (upper case, lower case, numbers, symbols) would be considered adequate for low-security applications. Privileged accounts and higher-value targets should use longer passwords or two-factor authentication.

It's worth noting that there's a significant difference in security between offline password cracking and online password cracking. In the latter, the attacker is subject to account lockout settings and access method limitations that usually increases the time needed to crack a password such that it becomes infeasible. In offline password cracking, the attacker is not subject to any of those limitations and password security needs to be significantly greater to prevent attacks from succeeding. Many authentication systems are subject to offline attacks.