rowan

With brute forcing longer passwords will take exponentially longer to crack.

A single password with uppercase letters only will require up to 26 attempts to crack, but increase that to two and we're now at 676 (26 x 26)... go up to 10 and it's a number I'd have difficulty comprehending... 141,167,095,653,376

Of course there's no point having a "good" password if you're transmitting it cleartext via FTP, or you have something on your desktop or server that is catching the password as it's used.