As a result, the advice you've read in the past about what counts as a secure password may no longer be valid. For example, in order to protect against a brute-force attack, a password with eight or nine random characters is no longer sufficient. Experts now routinely recommend longer passwords, often in the 12-to-14 character range. And that's for passwords randomly generated by a computer. Passwords you create by hand must almost always be longer to have the equivalent strength.
All password managers let you select the password length you want, and my advice is that for any password that can be entered for you by an app (or copied and pasted), you might as well use the longest password the target service will accept. After all, the same keystroke that fills in a nine-character password can fill in one with 14 characters.
Of course, there are certain passwords that you must commit to memory, or that for one reason or another must be entered manually. For such passwords, you can use a longer but less-complex password to achieve comparable levels of security -- a principle I discuss later this week in How to remember passwords.