Staff member
These pointers can be applied in an home environment.

Quoted from Password policy recommendations for Office 365

Password guidelines for administrators
The primary goal of a more secure password system is password diversity. You want your password policy to contain lots of different and hard to guess passwords. Here are a few recommendations for keeping your organisation as secure as possible.
  • Maintain an 8-character minimum length requirement (longer isn't necessarily better)
  • Don't require character composition requirements. For example, *&(^%$
  • Don't require mandatory periodic password resets for user accounts
  • Ban common passwords, to keep the most vulnerable passwords out of your system
  • Educate your users to not re-use their organisation passwords for non-work related purposes
  • Enforce registration for multi-factor authentication
  • Enable risk-based multi-factor authentication challenges

Password guidance for your users
Here's some password guidance for users.
  • Don't use a password that is the same or similar to one you use on any other websites
  • Don't use a single word, for example, password, or a commonly-used phrase like Iloveyou
  • Make passwords hard to guess, even by those who know a lot about you, such as the names and birthdays of your friends and family, your favourite bands, and phrases you like to use

Keep reading for Some negative Impacts of Password Expiration Policies