So - what constitues a suitably strong password
If they can run 10e9 password checks for $60 - what sort of complexity is 'suitable'? For normal use. I'm not talking about withstanding a year of continuous attack on something that isn't rate limited or anything of that nature but let's assume a non-2FA web site (i.e. not your bank).
Yeah - I know that's a 'how long is this piece of string' question - but I really have no idea what sort of size/complexity we're dealing with nowadays.
Now if you'll excuse me there's some youngsters I have to chase off my lawn.