Part of securing your passwords is understanding how they become compromised. Two of the most frequent ways passwords are compromised is through Brute-Force attacks and data breeches. In a Brute-Force attack, hackers are using a systematic plan to check all possibilities until the correct one is found. If a hacker knows that the site requires a minimum of 8 characters and requires the use of both alphabetical and numeric characters they will start with those parameters. This is not done by hand. They write programs to do the dirty work.
So how do you defeat attacks like this?