A complex, six- to eight-character password may have been sufficient 10 years ago, but it’s certainly not today. A password’s pure strength lies in its length, the number of possible characters and the randomness of character selection. Most companies still lack a sufficiently adequate auditing system to alert admins of repeated failed logon attempts. A spreadsheet-based calculator shows the success rate of real-world password-guessing attacks. Download the spreadsheet in which you can key in your current password policy and see how your passwords might hold up against the number an attacker can make in a given minute.”]
Source: https://www.csoonline.com/article/2632462/test-the-strength-of-your-password-policy.html