According to Hive Systems your passwords should be at least 18 mixed up characters for maximum security. Here’s how long it would take a hacker to come up with as many combinations or passphrases before guessing your password [read more, methodology.. More here.
I don’t think I have any 18 character passwords…
The thing often missed is that it isn’t normally “instant” to brute force attack, because after 3 attempts, the account should be locked out anyway.
Best option – secure your email account with as long a password as possible, to prevent “password reset”, but surely the rest just should be not easily guessed?