Vastly more info here:

https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes

Our estimation of 'minimum' changes over time, as evildoers get more sophisticated…

For the moment, this is our recommended minumum:

• Use at least eight characters, preferably 12 or more as the basis of your passphrase
• Single dictionary words are far too easy to crack
• Include upper-case letters
  • They are best used in the middle of your password, not at the ends
• Include lower-case letters
• Include numeric characters
• Include symbol characters
• Do not include pet names, kids' names, birthdays or other easily acquired bits

OWA Access: https://exchange.virtualarchitects.com/owa

It's easy to change your Microsoft Exchange e-mail password using OWA:

1. Log in to OWA
   • Full e-mail address for username
2. Click Settings → Change Password