You need passwords of 12+ characters
A commercial service has a beast of a machine that can guess 1.4 trillion passwords per second.
The old guideline for passwords was:
8 characters with mixed-case letters and numbers.
Our recommendation is:
12 or more characters with mixed-case letters and numbers.
Why do you need these longer passwords?
Commercial companies specializing in password recovery can easily discover your 8-character passwords. For example, Secureworks can guess 1.4 trillion passwords per second.
At that rate, they can guess your 8-character password in about 2.5 minutes!
Amateur hackers are not far behind the big companies. They build their own super-strong password cracking computer networks or they rent time on extremely powerful virtual computers hosted by Amazon, Google or Microsoft.
It can be daunting to try to replace all your account passwords in one sitting. So pace yourself. Update a few passwords each day to 12 or more characters. While you are at it, download a free password manager such as Bitwarden. It makes it much easier to safely store and use your longer passwords.
Your password manager can fill in passwords online very easily so you don't have to type them.