As with most Register articles, 99% of the real value is in the reader's comments. Dig down, and you'll find out that on its own, ten characters is just fine unless VM have poor security elsewhere, and even then the topology (pattern, if you like) of the password is usually of greatest importance. Obviously if VM have poor security elsewhere then you're stuffed, regardless.
For those with the stamina and baseline understanding to grasp the content, read this, (shamelessly reposed from the user comments) and extract from it the elements that are important to you. If you like complex stuff as I do, it's a great read.
For those who look for the security of TL;DR, then random passwords are exceptionally difficult to crack, even with short lengths. Your mission, should yo choose to accept it, is to use Excel to generate a random 10 character password, and then reset your VM password to that.