Having a password of 8 characters is generally more secure than a password of 6 characters. However, if the 8-character password is "password" and the 6-character password is "p@swRd", the 6-character password will be much more difficult to guess or break.
Enabling this policy enforces some baseline complexity requirements to force users to incorporate different elements into their passwords which will make them harder to guess or crack. The complexity requirements are:
- Password must not contain significant portions of the user's account name or full name
- Password must be at least six characters in length
- Password must contain characters from at least three of the following categories:
- Uppercase characters (A through Z)
- Lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Special characters (for example, &, $, #, %)
You can use other password policies in combination with Password Must Meet Complexity Requirements to make passwords even more secure.