a. Length – interacts with complexity to determine how hard it is to “guess” a password or discover it by trial-and-error testing of every combination. Of the two factors, length is more important because it has the biggest impact on the number of possible passwords.
To understand this, consider that the number of possible passwords = xy, where x = the number of possible characters that can be used and y = the length. As the following table shows, increasing the length increases the number of possibilities much more than does the same proportionate increase in complexity: