I've read an article on Netcraft about Microsoft recommending the use of passphrases instead of passwords.
The point being made is that "passwords are ridiculously easy to guess or crack", the only solution being to increase the length of the password strings.
Isn't it obvious that doing so severely increases the pain it is for users to remember passwords, thereby increasing the risk of having passwords and the like stored in clear text somewhere? While I'm definitely not a security expert (not a computing expert anyway), it seems more sensible to me to encourage the use of systems with key-pair authentication. On all the servers I administer that run sshd, only keys with passphrases can be used to gain access. I think that is the way to go. That said, if many servers follow this approach, it will be necessary to disallow SSH key pairs without passphrases (because crackers will likely start cracking users' home accounts to steal private keys first, and that would probably be even easier than cracking a well-monitored production sshd server that allows password SSH access).
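As an added example (not part of the post above, nor of the Netcraft or Microsoft material it refers to), here is a small Python audit script for the two checks that setup implies: one function reads an sshd_config and reports whether sshd, as configured, can still accept a password at all, and another inspects a private key file to tell whether it is protected by a passphrase. The sample configurations and key blobs are constructed for illustration; the key fixtures carry only the header fields the check reads and are not usable keys.

```python
"""Audit helpers for a key-only sshd setup (added example, constructed fixtures)."""
import base64
import re
import struct

# Defaults from sshd_config(5) for the keywords that decide whether a
# password can ever be accepted. Anything absent from the file gets these.
SSHD_DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# ChallengeResponseAuthentication is the pre-OpenSSH-8.7 name of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# "Keyword value" or "Keyword = value", as sshd_config allows.
_KV = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")


def parse_sshd_config(text):
    """Return the effective global value of every keyword, lower-cased.

    sshd keeps the first value it meets for a keyword and ignores later
    duplicates, so the first occurrence wins here too. Everything after a
    Match line applies only to matching connections and is not a global setting.
    """
    effective, in_match = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _KV.match(line)
        key, value = (m.group(1), m.group(2)) if m else (line, "")
        key = ALIASES.get(key.lower(), key.lower())
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        effective.setdefault(key, value.strip().lower())
    return effective


def password_auth_disabled(effective):
    """True when the global configuration cannot accept a password.

    Both PasswordAuthentication and KbdInteractiveAuthentication must be off,
    since PAM keyboard-interactive is just another way to type a password.
    An AuthenticationMethods list consisting only of "publickey" also shuts
    passwords out on its own.
    """
    cfg = {**SSHD_DEFAULTS, **effective}
    no_password = (cfg["passwordauthentication"] == "no"
                   and cfg["kbdinteractiveauthentication"] == "no")
    methods = cfg.get("authenticationmethods", "")
    key_only = methods != "" and all(
        alt.split(",") == ["publickey"] for alt in methods.split())
    return (no_password or key_only) and cfg["pubkeyauthentication"] == "yes"


def private_key_is_encrypted(key_text):
    """Report whether an OpenSSH private key file is passphrase-protected.

    Modern keys use the openssh-key-v1 container, whose first field is the
    cipher name; "none" means the key is stored in the clear. Legacy PEM keys
    announce encryption with a Proc-Type: 4,ENCRYPTED header.
    """
    if "-----BEGIN OPENSSH PRIVATE KEY-----" in key_text:
        body = "".join(l for l in key_text.splitlines() if not l.startswith("-----"))
        blob = base64.b64decode(body)
        magic = b"openssh-key-v1\x00"
        if not blob.startswith(magic):
            raise ValueError("not an openssh-key-v1 container")
        off = len(magic)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n].decode() != "none"
    if "PRIVATE KEY-----" in key_text:
        return "Proc-Type: 4,ENCRYPTED" in key_text
    raise ValueError("unrecognised private key format")


def constructed_openssh_key(cipher):
    """Constructed fixture: only the magic and cipher-name header of a key file."""
    s = lambda b: struct.pack(">I", len(b)) + b  # SSH string encoding
    kdf = b"none" if cipher == "none" else b"bcrypt"
    blob = b"openssh-key-v1\x00" + s(cipher.encode()) + s(kdf) + s(b"") + struct.pack(">I", 1)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed: a stock-looking file where the password setting is only commented
# out and only the "deploy" user is forced onto keys, so everyone else may still
# log in with a password.
WEAK_CONFIG = """
Port 22
PermitRootLogin prohibit-password
PubkeyAuthentication yes
#PasswordAuthentication yes
Match User deploy
    PasswordAuthentication no
"""

# Constructed: the key-only equivalent.
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
AuthenticationMethods publickey
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "key-only:", password_auth_disabled(parse_sshd_config(cfg)))
    for c in ("none", "aes256-ctr"):
        print(c, "passphrase:", private_key_is_encrypted(constructed_openssh_key(c)))
```

The configuration check is something the server side can enforce, and `sshd -T` on the host prints the effective values if you want to compare against a live daemon. The key check is different in nature: sshd never sees the client's private key, so it cannot tell whether that key is encrypted at rest. That check has to run where the keys are stored (user home directories, a bastion host) rather than at login.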