Just because the password is long doesn’t mean you are safe.
There are many ways to get ahold of a password other than brute force. With the recent increase in the price and popularity of Steem, the risk of your accounts being attacked is increasing daily.
Steemit has multiple private keys for a reason. Use them.
To find them, first go to your wallet and click on Permissions. Then click on "show private key", and you can log in with that key. I typically use the posting key when using my account normally. It can’t send transactions, but it can still upvote and make posts. The active key allows you to make transactions, including powering up/down, moving stuff out of savings, and transferring Steem/SBD. The owner key allows you to do all of those, as well as change them. This is the password you were given when you created your account.
Do not store your password online unencrypted. Storing it offline on your computer(s) is safer, although you shouldn't do this on a public computer. If you believe somebody else is using your account, change your password. That will change all the other keys too.
Some of you have thousands of dollars or more in your account. You might want some additional security. My advice at this point is to keep your password completely offline. You could either write it down and keep it in a safe place or keep it on a USB drive. Keep it somewhere hidden, so that nobody stumbles onto it by accident. Using your active and posting keys instead of your password is also a must.
At this point some may consider changing their password regularly. The Steemit password is long enough that brute force is unlikely to crack it. Changing it often decreases the chance that brute force can crack it, but there is little other reason to do it. Nobody who gets ahold of the password will keep it the same for long; they will try to take control as fast as possible. You should still change your password after any lapse in security, and those happen often enough either way.
Paranoid level Security
Some people have hundreds of thousands of dollars in their account, and sometimes you need to go overboard. At this point you should always encrypt your passwords. I typically save my passwords in a text file and then encrypt them using GPG on Linux. Next I store them offline on multiple USB drives in distant locations, so that if something happened to one area the rest would be safe. (I have also uploaded my encrypted passwords to Google Drive, behind a 30-character encryption password, just to be safe.)
At this point you should also worry about malware. Windows computers are especially prone to getting it. This means a good anti-malware program is a must. If you have a good understanding of computers or are willing to learn, Linux will turn out to be a better option. Linux is more secure, and some distributions can encrypt files without downloading extra programs.
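The encrypt-then-copy routine described above, as an added example (not the author's own commands). It assumes GnuPG 2.2.7 or later on Linux; the function names, the `GPG_PASSFILE` variable and all paths are hypothetical.

```sh
#!/bin/sh
# Added example: passphrase-encrypt a key file with GnuPG, prove it decrypts,
# then copy the ciphertext to offline drives and confirm each copy.

# Non-interactive options, used only when GPG_PASSFILE is set (scripts/tests).
# In normal use leave GPG_PASSFILE unset so gpg prompts for the passphrase
# and it never touches the disk.
# --no-symkey-cache stops gpg reusing a cached passphrase, so the round-trip
# check really exercises the passphrase you typed.

# encrypt_keyfile PLAINTEXT OUTPUT
encrypt_keyfile() {
  src=$1; out=$2
  set -- --symmetric --cipher-algo AES256 --armor --yes --output "$out"
  if [ -n "${GPG_PASSFILE:-}" ]; then
    set -- --batch --pinentry-mode loopback --passphrase-file "$GPG_PASSFILE" "$@"
  fi
  gpg --quiet --no-symkey-cache "$@" "$src"
}

# verify_keyfile PLAINTEXT ENCRYPTED
# Decrypts to a pipe (no second plaintext file) and compares byte for byte.
# Returns 0 only if the ciphertext decrypts to exactly the original.
verify_keyfile() {
  src=$1; enc=$2
  set -- --decrypt
  if [ -n "${GPG_PASSFILE:-}" ]; then
    set -- --batch --pinentry-mode loopback --passphrase-file "$GPG_PASSFILE" "$@"
  fi
  gpg --quiet --no-symkey-cache "$@" "$enc" | cmp -s - "$src"
}

# copy_to_drive ENCRYPTED DEST_DIR
# Copies the ciphertext and confirms the copy is bit-identical, so a failing
# USB stick is noticed now rather than when the backup is needed.
copy_to_drive() {
  enc=$1; dest=$2
  cp "$enc" "$dest/" && cmp -s "$enc" "$dest/$(basename "$enc")"
}

# Typical sequence (paths are placeholders):
#   encrypt_keyfile keys.txt keys.txt.asc &&
#   verify_keyfile  keys.txt keys.txt.asc &&
#   copy_to_drive   keys.txt.asc /media/usb1 &&
#   copy_to_drive   keys.txt.asc /media/usb2
```

Only remove the plaintext file after `verify_keyfile` succeeds, and only the `.asc` file should ever leave the machine.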
The more secure everyone's password is, the less likely hackers are to go after any of them. That ends up helping everyone.