I've been using an 8 character password for almost 20yrs and so it's never been hacked... However, for the last few years I've retired the variations of that one and switched to a new formula. 2 words and a minimum of 4 digits that is linked in some random way to the site I am using it for.
That means on average my passwords are now 15-20 characters, both upper/lower case and numerical.
So for example... say you've got an account on a food site where you get recipe's and nutritional advice.... a password could be GrandmothersCupcakes1975.
I've found that to be far more effective and efficient that creating random passwords It also doesn't hurt to write them down at home because the chances of anyone breaking into my home and searching for tiny little notebook the size of a credit card just to access my account on some random website is pretty non existent.