Excellent 20-minute explanation of password strength for both the general audience and the more tech-saavy user. Dr. Mike Pound demonstrates password cracking using hashcat – the example scenario is that an online service liked LinkedIn is hacked and the user credentials are stolen (which happens not uncommonly). No company would store those credentials in “plaintext” – they’ve been encrypted via a one-way hashing algorithm (for the purposes of this video it’s MD5, which is outdated and quite weak).
He shows brute-force and dictionary attacks and the affects of increasing password length and complexity. He also explains how substitutions (eg. “N3wy0rk”) are easily defeated by simple rulesets.