Hackers also have easy access to very powerful password-cracking tools incorporating extensive word and name dictionaries. Passwords should never be dictionary words or names. The cracking tools will also check for simple tricks like words spelled backwards or simple substitution of certain characters (i.e. "mouse" becomes "m0us3"). Pass phrases of several words are often OK, as long as the combination is not too obviously guessable.
Using the maximum number of characters (more than 16 mixed characters) greatly increases the complexity of guessing or cracking passwords and change password time to time.
Our system maintains security rules, some time we force to change password and allow only more than 80% or 95% strong password.