Password Guidelines for the National Institute of Standards and Technology (NIST)
According to the National Institute of Standards and Technology (NIST) special publication SP-800-63B, Authentication & Lifecycle Management, memorized secrets -- another term for "passwords" -- should meet these minimum requirements:
There are other suggestions in this standard that should be considered as you establish your password policies, so a full review is highly recommended.
How to Check Passwords
Check all new and existing passwords against list commonly used, expected, or compromised passwords. Any matches through this check should result in the password being rejected, the user notified why it was rejected, and a prompt to select a new password.
https://haveibeenpwned.com/Passwords is the tool TechStar recommends to check password. IF IT'S BEEN PWNED DON'T USE IT!