The following is how long it takes for a hacker to randomly guess your password:
Length: 6 characters
Lowercase: 10 minutes
+ Uppercase: 10 hours
+ Nos. & Symbols: 18 days
Length: 7 characters
Lowercase: 4 hours
+ Uppercase: 23 days
+ Nos. & Symbols: 4 years
Length: 8 characters
Lowercase: 4 days
+ Uppercase: 3 years
+ Nos. & Symbols: 463 years
Length: 9 characters
Lowercase: 4 months
+ Uppercase: 178 years
+ Nos. & Symbols: 44,530 years
Furthermore, the report says it costs a company $10 to take a phone call that will eventually require a password reset.
30 percent of all help desk calls are password related, and 50 percent of all users make their password a "common word or simple key combination."