Even when I do use passwords (and assuming the 8-char "standard"), I always have at least one upper- and lower-case letter, one number, and one special char. So that's actually 948 = 6,095,689,385,410,816 or about 6.1 x 1015.
If I did my quick figures right, they'd have to exceed 1.93 million attempts per second to be statistically likely to crack my box in less than 100 years. Not bloody likely, and still very secure. <grin>
That's assuming that all characters from all character sets are equally likely in every position in the password. In fact, human-generated passwords tend to have fewer punctuation and digit characters than the statistical likelihood. Exploiting this and similar facts would speed up the attack considerably.
Some cracking will use techniques that have a high(er) probability of hitting the correct value than simplistic brute-force methods. Basing your security estimate on defense against brute force only is probably not optimal if you have anything significant to protect.
If the only attacks you get are from script kiddies, then your odds are better.
