There are bad people out there.
All passwords should be of sufficient strength so as to make it hard on hackers to crack into your email accounts or websites.
Following are minimum requirements. They are a condition of our hosting services, as failure to follow them can endanger not only your own access but that of everyone else on the same website server:
1. Passwords should be 7 or 8 characters long (can be longer but 7 is long enough unless your situation makes you a tempting target).
2. They must include at least one capital letter, and at least one lower-case letter.
3. They must include at least one numeral (any of the digits 0 to 9).
4. They may not include any real words or names (or obvious parts, like the first 4 letters of your last name).
5. They may include no meaningful or obvious numbers (like your birthday or street address, or “123456”).
6. Of course, you also have to keep your passwords secure so no one unauthorized can get their hands on them.
Change relevant passwords in event of a suspected hacking or if personnel leave your company.
Do not bother changing passwords otherwise. That actually decreases security by making it harder to keep track of passwords (so people write them down).