Anyone want a How-To Cybersecurity guide?

My PWs said 400 years. That's good 'nuff for me.
Depends.
A password that took 7 centuries to crack in 2005 takes 2 centuries now. Fairly linear, so a 400-year-secure password should, in theory, keep pace for at least 3 decades on paper.
You can test that here:
https://www.betterbuys.com/estimating-password-cracking-times/
Where you can see that 'testing12' took roughly 4 centuries to crack in 1982, but would take 2 months now.

However, that's not taking into account quantum cryptography. Quantum computers are many, many times faster than regular computers. They're also still expensive and experimental. Are they a problem now? No. But in 10 years, will they be viable for hackers to rent a quantum computer for a few hours to crack passwords? Yeah, probably. A 400-years-to-break password could probably be cracked in a few minutes (or even seconds) with quantum computers in 10 years, I'd guess. But a password that takes millions of years would still take months (likely) or years (unlikely) to crack.

Now, quantum computers are not magic. An NP-hard problem is still an NP-hard problem, and will take time. But I'd want at least a million years for a password.

Also, a more important thing to consider is that brute-force cracking of passwords (a, ab, ac...), while possible, and a good measure of the security of your password, is not the most common way of cracking a password.

Usually, passwords are exposed by dictionary attacks or just straight up breaches.
I'll give an example:
Let's say you had a Yahoo account. Yahoo had a breach, and all their usernames, emails, and passwords were stored in plain text, something like a half billion accounts.
So, someone could just plug that username and password in, see if they can log into things with it. Works more than you might think.

Usually, though, passwords aren't stored as 'password123', the password is stored as a hash, which is where an algorithm stores 'password123' as something like '19dksdj9s2no9s9dksfs'. This is safer.
But, if the bad guy already knows that your yahoo account is 'password123', he can make a quick script that makes a few thousand variations of the letters, numbers, and symbols in that, and tries those hashes. That's a Rainbow Table attack.

Another method, the dictionary method, goes back to that breach at Yahoo. Remember when I said that about a half billion passwords were leaked? You quickly find that humans aren't as original as we believe, and a lot of the same passwords are used by different people over and over again, all thinking that they have a unique, special password.
It's pretty easy to take the most common passwords, run them through that same script to make variations, and hash those to do a password attempt on them. Since this is working from a base of known used passwords, this is a dictionary attack.

Offline (brute-force) cracking of someone's password is rarer than you'd think. The methods I listed above are much more common. That's why I recommend unique passwords for everything.
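As an added example (not from the post above, and not real breach data), here is the "quick script that makes a few thousand variations" and hashes them, run against a constructed set of leaked password hashes. The usernames, passwords and base wordlist are made up, and unsalted SHA-256 stands in for whatever fast hash a careless site might use; the point it shows beyond the post is that one hash computation tests every user in the dump at once, and that a long, unique passphrase outside the wordlist survives untouched.

```python
import hashlib

def sha256_hex(text: str) -> str:
    """Unsalted SHA-256 stands in for whatever fast hash a careless site might use."""
    return hashlib.sha256(text.encode()).hexdigest()

# Constructed sample "breach dump": username -> password hash. Not real data.
LEAKED_HASHES = {
    "alice": sha256_hex("Password123!"),
    "bob":   sha256_hex("letmein2019"),
    "carol": sha256_hex("correct horse battery staple"),  # long, unique: not in any wordlist
}

# Constructed base wordlist: in practice, the most common entries from earlier dumps.
BASE_WORDS = ["password", "letmein", "testing", "welcome"]

# Substitutions people reach for when a site demands "a number or symbol".
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}

def mangle(word: str):
    """Yield the common human variations of one base word:
    case changes, leet-speak, a trailing digit/year and a trailing symbol."""
    digits = [""] + [str(n) for n in range(10)] + ["123", "1234"] \
             + [str(year) for year in range(2015, 2025)]
    symbols = ["", "!", "!!", "#"]
    for form in (word, word.capitalize(), word.upper()):
        leet = "".join(LEET.get(ch, ch) for ch in form)
        for variant in dict.fromkeys([form, leet]):  # dedupe, keep order
            for d in digits:
                for s in symbols:
                    yield variant + d + s

def crack(leaked: dict, base_words: list):
    """Hash every candidate once and look it up against ALL leaked hashes.
    Returns ({username: recovered_password}, number_of_candidates_tried).
    Because the hashes are unsalted, each hash computation tests every account
    at once; a per-user salt would force this whole loop to run once per account."""
    by_hash = {}
    for user, h in leaked.items():
        by_hash.setdefault(h, []).append(user)
    found, tried = {}, 0
    for word in base_words:
        for candidate in mangle(word):
            tried += 1
            for user in by_hash.get(sha256_hex(candidate), []):
                found.setdefault(user, candidate)
    return found, tried

if __name__ == "__main__":
    found, tried = crack(LEAKED_HASHES, BASE_WORDS)
    print(f"tried {tried} candidates")
    for user in LEAKED_HASHES:
        print(f"{user}: {found.get(user, '<not found>')}")
```

Two of the three accounts fall in a couple of thousand guesses; the third never will from this wordlist, which is the practical argument for long, unique passwords rather than "clever" variations of common ones.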
 
What password are you talking about?

The password to unlock my computer?

Or the password to log onto ODT?

My money accounts (PayPal, Apple Pay, etc.) are 2-factor authenticated, so it seems moot.
Also depends.
Several problems with 2-factor authentication.

One, two-factor authentication can be bypassed. Here are two articles on it:
https://www.extremetech.com/extreme...-accounts-even-with-two-factor-authentication
https://www.cnbc.com/2019/01/04/how...wo-factor-authentication-may-be-hackable.html

So, there are tools that can do it. But only against limited types of 2-factor, and companies are good about protecting against it. Just know that 2-factor is not foolproof, but also that this is at the tail end of what script kiddies can do, though likely well within dedicated cybercriminal groups' range of abilities.

The bigger problem, which is probably going to be addressed in the next few years, is that most 2-factor authentication uses SMS right now.
There are other methods, but this is by far the most common at the moment. That's where you put your password in, and a text is sent to your phone, giving you a code to type in.

Remember when I mentioned in the mobile post about people sniffing on the network? If you are on public wifi, wireless sniffers like wireshark, or on cellular, things like Stingrays can intercept transmissions.
On paper, research has shown that people can intercept your 2fa messages and use them to log in. Or, if they know your username and password, they can log in, intercept and use the 2fa text, and you'd never know the text was sent.
Again, what a researcher can do is not necessarily what is practical to do. But it's a possibility. That's why I see SMS-based 2FA going the way of the dodo in favor of dedicated 2FA apps, like Duo Mobile or Microsoft Authenticator. If more texting apps adopt encryption, this might also be a solution; time will tell.
https://www.cnet.com/how-to/do-you-use-sms-for-two-factor-authentication-heres-why-you-shouldnt/

All I'm saying is, don't trust one method of security; layer it.

Yes, I'm a nerd. :p
 