Locator: 49739PASSWORDS.
From Facebook. Needs to be fact-checked but seems reasonable. Link here.
Some observations:
- the first real breakpoint: 8 characters, upper and lower case letters -- from four months to 15 years;
- by adding numbers, extends 15 years to 62 years, but
- simply adding one more character (9 characters), takes us from 62 years to 3,000 years
- the next breakpoint: 10 characters; 238,000 years
- finally, twelve characters, add a symbol and we go to 3 billion years
I'm sure there's a lot more to this but it certainly explains why common advice for a password:
- at least 8 characters
- upper and lower case letters
- simply add a symbol,
- but going to 12 character (including a symbol) appears to be the holy grail.
To what extent small repeating units affect this, I don't know but changing the repeating units by one number or one letter or one symbol should be the key.
Two-step verification is most important.