Your password can be as complicated as you like, and this is OK for access to the contents of your machine, but bear in mind that if it is for a web service, it will be held at the other end because that is where the verification takes place. If as and when the other end gets hacked, as happened with hotmail a couple of years ago, the hackers, or those to whom they sold the information, have full use of your long and complicated password. I got the hint when I got some non delivery reports from addresses that I hadn't sent to for years past, plus a polite inquiry from Martin asking why I thought he needed chemical substances to enhance his person. Best security is to change more often, then the stolen information becomes useless.