“Attacks are more sophisticated now, and those best practice countermeasures are a little bit out of sync,” says Matteo Dell’Amico, a researcher at Symantec Research. The results show that making a password longer or adding symbols is a better way to strengthen it than by adding uppercase characters or numbers.
http://www.technologyreview.com/news/542576/youve-been-misled-about-what-makes-a-good-password/