Long passwords are best practice: easily use and remember long, strong passwords
Password managers are the best tool you can use to solve the common problems with username-password pairings: weak and reused passwords.
Weak passwords are passwords that can be guessed with the help of computers. The weakest passwords are shorter than 16 characters. Have a look at the chart below.
Reused passwords are passwords which are used in more than one credential.
For example, one day you create a password for your supermarket loyalty program signup. At some point later, you use the same password to sign up for a new video chat service. You have just reused a password. When the supermarket loyalty program gets breached, your password could be discovered, then used by thieves. They would try your discovered password, in tandem with your known email address, on other services, hoping that you have reused it, thus allowing them to unlock a more valuable login.
Always use unique passwords. Don't allow yourself to be victimized by credential stuffing.
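As an added example (not part of the original article), this Python script audits a password export for the two problems described above: passwords reused across accounts, and passwords shorter than 16 characters. The CSV column names, the sample rows and the audit function are assumptions constructed for illustration, not any particular password manager's format.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 16  # the article's threshold for the weakest passwords

# Constructed sample export. The column names (name, username, password)
# are an assumption for this example, not a specific product's format.
SAMPLE_EXPORT = """name,username,password
supermarket-loyalty,me@example.com,Tulip2019!
video-chat,me@example.com,Tulip2019!
bank,me@example.com,correct horse battery staple
forum,oldnick,Tulip2019!
email,me@example.com,x7#Qp-long-unique-passphrase-41
"""

def audit(export_text, min_length=MIN_LENGTH):
    """Return (reused, short) findings without echoing any password."""
    by_password = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row["password"]
        # Group on a digest so the plaintext is never used as a key
        # or copied into the report.
        key = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_password[key].append((row["name"], row["username"]))
        if len(password) < min_length:
            short.append(row["name"])
    reused = []
    for entries in by_password.values():
        if len(entries) < 2:
            continue
        # Same username AND same password is the exact pair that
        # credential stuffing replays against other services.
        by_user = defaultdict(list)
        for name, user in entries:
            by_user[user].append(name)
        reused.append({
            "accounts": sorted(name for name, _ in entries),
            "same_login": sorted(sorted(n) for n in by_user.values() if len(n) > 1),
        })
    return reused, sorted(short)

if __name__ == "__main__":
    reused, short = audit(SAMPLE_EXPORT)
    print("reused:", reused)
    print("shorter than", MIN_LENGTH, "characters:", short)
```

The report names accounts only, so it can be kept as a to-do list of passwords to replace with unique ones.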
Replace your existing system with a password manager
Longer passwords are better passwords, all else being equal. Length is important because modern computers are powerful enough to guess shorter passwords.
When relying on our memory to track passwords, we make a tradeoff between password length and password complexity. The more complex a password is (usually taken to mean the variety of symbols, numbers, and letters used), the shorter the password must be for a human to reliably remember it. Use a password manager.
The maximum length of a password is set by the developers of whichever service you're creating credentials for. Modern services do not have a limit that most of us will come up against. Certain other services (in Canada, they're often banks) used to have absurdly low maximum lengths. You should be concerned if you're still forced to use passwords less than 16 characters in length. Talk to customer support and ask them to have their product team fix the limitation.
Transitioning to a password manager
None of us are starting with a clean slate. We all have accounts already. How do we transition without losing our minds?