Your server is only as secure as your weakest password. As a rule of thumb, the more complex a password, the stronger it is.
So, for example,
candy123
would be extremely insecure, whereas
Tmb1W\>r~ii
would be pretty secure.
Generally, insecure passwords:
- Are shorter than eight characters
- Are based almost entirely on dictionary words
- Do not mix in numbers and special characters
Whereas secure passwords:
- Are at least ten characters, if not longer
- Omit dictionary words
- Have a healthy mix of numbers and special characters