I cannot stress it enough that passwords are only as good as you make them. Any password that is a word in the dictionary, less than 14 characters, or all numbers is asking to get hacked.
Instead of using the shortest possible password allowed, you should be using the longest password allowed. You should also be changing this password every 30-90 days, especially if it’s to your bank, credit card, or email accounts. If you pay all your bills online, those account passwords could & should be changed every month when you pay your bill.
If any account uses secret questions / answers to verify your account, you should use “password” type answers to those questions, and please don’t make the answer anything nearly related to the question.