Originally Posted By: ireckon
If there is access to the hashed password table, that's a completely different ballgame. As far as I'm concerned, that falls under the umbrella of "stealing a person's password". All bets are off at that point. It really doesn't matter how long or how random your password is.


The vast majority of password thefts come from stealing a hashed password table or compromising a workstation and either stealing passwords stored in a browser or sniffing keystrokes.

No amount of password complexity can help against any of those scenarios when faced with a determined attacker. However, most attackers aren't determined enough to crack long, complex, random passwords. If nothing else, such a password may give you time to find out about the breach and change your password before it's cracked.

For password attacks against user interfaces, long, complex passwords are very effective.