It is recommended to use at least 10- character, computer generated passwords. In case of a breach, you can assume that all passwords have been intercepted, so they should be changed as soon as possible. The following CLI script may help:


n98=n98-magerun2
$n98 admin:user:list --format=csv | grep ,active | while read row;
do 
     user=$(echo $row | cut -d, -f2)
     pass=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w10 | head -n1)
     echo "$user -> $pass"
     $n98 admin:user:change-password "$user" $pass >/dev/null
done


(Use n98-magerun for Magento 1)