Q: SOMEONE IS TRYING TO HACK INTO MY ACCOUNT. I’M GETTING GOOGLE NOTIFICATIONS ALL DAY LONG. WHAT CAN I DO?
A: First, any password can be broken, garnered, or stolen. It’s just a matter how determined the criminal is and what resources are available to them.
US-CERT (one of the primary groups designated to figure this stuff out for the government) recommends a minimum 15 character password for administrative accounts, and a minimum of 8 for non-admin accounts.
Functionally, isn’t your data every bit as important to you as an admins is to them? This is why I recommend the minimum of 15 for everyone.
Next, implement Google two-factor authentication. This will block the criminal even if they gain your password.
At that point, let them try all they want, it’s not gonna happen.