We’ve always been proponents of long unique passwords combined with multi-factor-authentication (especially with Office 365). While we know long passwords and MFA can become tiresome, it beats the alternative: hacked accounts and your company’s confidential data being spread all over the Internet.
If you use a short password for a site or your computer, it’s something that can easily be broken into with enough computing power. See this chart below and think about how secure (or insecure) your password might be:
So looking at this chart, if you have a password that’s 10 lowercase letters, hackers could break that password in less than an hour.
Now take this all with a grain of salt as this assumes that the person can make a bunch of attempts per second on your account, which most decent systems are other protection mechanisms to stop. But it does show that the more complicated you make things, the harder it is to break. A long password combined with properly-setup MFA, which Microsoft says will stop 99.9% of all account breaches, and you should be ready to go.