I don't know much about this, but seems like the bigger risk for passwords these days isn't brute force hacking, but security breaches where institutions and e-commerce sites are hacked to gain access to the database with your personal information and passwords.