In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly random 12-character or longer password is impervious to all known password guessing and cracking attacks. A human-created password has to be 20 characters or longer to get the same protection. Humans do not like creating or using very long (and sometimes also complex) passwords, so we recommend using a trusted password manager program instead.