The days of passwords are numbered as we are slowly but surely moving towards passkey authentication.
Google:
https://developers.google.com/identity/passkeys
Microsoft:
https://www.microsoft.com/en-gb/security/business/solutions/passwordless-authentication
But, for now, we still have to make sure our passwords are secure and protected by Two Factor Authentication (2FA) or Multi Factor Authentication (MFA).
To be secure, passwords need to be complex, and the recommendation now in 2023 is to go for 10-12 characters or more (including upper and lower case letters, numbers and special characters). You should also never re-use the same passwords.
And you should have different passwords for different websites because, if one website gets compromised by hackers, they will try your credentials on other websites.
What difference do password length and complexity make?
First, I need to explain what a brute force attack is… A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.
https://en.wikipedia.org/wiki/Brute-force_attack
Now, if a hacker tries to brute force your password, its length and complexity will increase the time it takes for the password to be revealed.
Note: The time a brute force attack takes also depends on how powerful the hacker's computer is. This is why, in spy movies, you see them use multiple servers for such tasks. Quantum computing will also change this drastically: https://venturebeat.com/security/ibm-quantum-computing/
Here is a picture from Hive Systems that will help demonstrate the point:
In a real world scenario though, increased complexity often means that many of us will try to take shortcuts to make it easier to remember. The most used passwords are a good example of this:
https://nordpass.com/most-common-passwords-list/
But, doing so, we make it easier for the hackers.
For home users, the NCSC recommends using three random words but the use of words.
https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0
But words are prone to dictionary attacks ( https://en.wikipedia.org/wiki/Dictionary_attack ), which is why some people replace characters with others (the “O” is replaced by a “0”, the “S” is replaced by a “$”… for example, St3llAr instead of Stellar).
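To put numbers on the points above, here is an added example (not part of the original post) that estimates the brute force search space from length and character classes, and checks whether a password is still a dictionary word once common character swaps are undone. The word list, the swap table and the guess rate are constructed assumptions for illustration.

```python
import math
import secrets
import string

# Constructed sample data: a real check would load a list of thousands of words.
COMMON_WORDS = {"stellar", "password", "dragon", "monkey", "sunshine"}
# Common character swaps (assumed table), undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a", "7": "t"})
GUESSES_PER_SECOND = 1e10  # assumed guess rate, for illustration only


def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in password))


def brute_force_guesses(password):
    """Worst-case guesses for an exhaustive search over that pool and length."""
    return pool_size(password) ** len(password)


def is_dictionary_based(password):
    """True if the password is a known word once the swaps are undone."""
    return password.lower().translate(LEET) in COMMON_WORDS


def years_to_exhaust(guesses):
    """Time to try every candidate at the assumed guess rate."""
    return guesses / GUESSES_PER_SECOND / (365 * 24 * 3600)


def three_random_words(wordlist):
    """Pick three words with a cryptographically secure random source."""
    return "-".join(secrets.choice(wordlist) for _ in range(3))


if __name__ == "__main__":
    for pw in ["stellar", "St3llAr", "kV9#tq2Lx!pZ"]:
        bits = math.log2(brute_force_guesses(pw))
        print(f"{pw:14} pool={pool_size(pw):3} bits={bits:5.1f} "
              f"years={years_to_exhaust(brute_force_guesses(pw)):.3g} "
              f"dictionary_based={is_dictionary_based(pw)}")
    print(three_random_words(sorted(COMMON_WORDS)))
```

The brute force figure for St3llAr looks much better than for stellar, but the dictionary check flags both, so the exhaustive-search estimate only holds for passwords that are not built on a known word.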
Another way to remember a complex password is to think of your favourite quote and take the first letter of each word, add some numbers and special characters…
What’s important is to find something that works for you, not so complex that you have to write it down, as this would be counterproductive.
If you need an outright complex random password, there are plenty of password generators online. For example: https://my.norton.com/extspa/passwordmanager?path=pwd-gen