In reply to Andypeak:
Unfortunately, even a 20 char password hash can be broken now. you can rent hardware that will crack it in just a few days / weeks - even with several iterations of the hash ( which I'm sure our security conscious friends at ukc would have done ).
The age of the password is pretty much over ( when that password is stored as a hash ). Its all about side channel access ( eg, your mobile) and true cryptographically secure keys (rsa / elliptic curve, etc).