When you enable the Personal Hotspot feature on your iPhone, iOS will generate a password on your behalf. It's convenient, but recent research from FAU in Germany suggests it is not very secure.
According to researchers Andreas Kurtz, Felix Freiling, and Daniel Metz, the default Hotspot password uses a short english word with some random numbers at the end. Not surprisingly, these passwords can be cracked in no time via a brute force dictionary attack. Using one AMD Radeon HD 6990 GPU, the team was able to guess a password in 50 minutes. When they bumped the GPUs up to four AMD Radeon HD 7970s, they were able to drop the password cracking