>We had a discussion recently in the team about the length of what a password should be. Some would say the longest is the better. Well, while this may be good as an answer, I would be curious to know, before encryption, what is the length you usually have in your application for the member's table password.
For security purposes, it should be at least 8 characters. Here is a couple of articles that explain why:
http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/
http://arstechnica.com/security/2012/08/passwords-under-assault/
http://xkcd.com/936/