As with most Register articles, 99% of the real value is in the reader's comments.  Dig down, and you'll find out that on its own, ten characters is just fine unless VM have poor security elsewhere, and even then the topology (pattern, if you like) of the password is usually of greatest importance.  Obviously if VM have poor security elsewhere then you're stuffed, regardless.

For those with the stamina and baseline understanding to grasp the content, read this, (shamelessly reposed from the user comments) and extract from it the elements that are important to you.  If you like complex stuff as I do, it's a great read.

For those who look for the security of TL;DR, then random passwords are exceptionally difficult to crack, even with short lengths.  Your mission, should yo choose to accept it, is to use Excel to generate a random 10 character password, and then reset your VM password to that.

General Linux bash code to generate passwords, adjust to what you want;

num=10
len=20

echo " "

while [ $num -gt 0 ]
do
tr -dc A-Za-z0-9 < /dev/urandom | head -c ${len} | sed -e 's/...../-&/2g'
echo " "
echo " "
num=$(( $num - 1 ))
done

While I would agree there is an interesting debate in the comments, the article itself still raises valid points and concerns. For instance, if they are storing passwords in plain text and not salting/hashing then that is a glaring hole in their internal security that could be compromised. Short random passwords are generally frowned upon by most governed and industry standard guidance and enforcing them is often symbolic of poor underlying coding. For instance, an unnecessary restriction on a DB table column. With a suitable GPU cloud setup it would be quite possible to break a 8 character password in hours. And it has been shown that psychologically random passwords are hard for humans to remember compared to long phrases (which by their very nature are impossible to crack).