From this fascinating CNET article on a few of the techniques that the Russian spies used to exchange data:
…the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.
While online passwords never need to be this complex - centralized management can prevent brute-force attack. Arguably, longer passwords are more important for local software (that can be stolen, then brute-forced). In fact, the leading theories on the ‘cracking’ of the wikileaks video suggest that they brute-forced the password that unlocked the encrypted contents.A 27 character password certainly makes brute-forcing the password impossible. But human nature, even to extremely well-trained spies is to write things like this down.