The password required for Sage is only 8 characters long.  Checking on a website like "how secure is my password" shows that any password under 10 characters long are likely to be figures out in a matter of days.  The Sage login does not even make the differentiation between upper or lower case.

I am not an advocate of regular password updating, as this is time consuming and can be frustrating.

However, perhaps Sage could consider making the minimum password 10 characters long, instead of 8 and allow for upper and lower case.

Users would then be able to consider upper and lower case, as well as numbers and other symbols and create a more secure password.  There would be less need to keep changing the password.

GDPR requires businesses to be more robust with security, and passwords are one of the key components in this process.

I wonder if this is possible?