Two factor ...
The problem is that 18 years will - presumably? - be half that time in 18-months. And then in another year and a half, half that again. Once 8-character passwords were considered more than strong enough ... now it's what, 20+?
By 2030 everyone will need a chapter from their favourite novel (in reverse) in order to get back to the 18 years crack-time.
--------------
A second problem is that it isn't only a password securing an account. But because way too many websites at least imply - if not insist - that an email address is also your username, very many people use the same address across multiple sites.
In the example in the article, if even the non-phonetic password was coupled with a user-name unique to that site, the time to crack would be much higher (if, in the real world, cracking was attempted at all?).
Biting the hand that feeds IT
