What is the recommended password complexity that we need to adhere to?

The latest PCI DSS version, requirement 8.3.6, states that password (or passphrase) complexity must be 12 characters, with an exception for legacy systems permitting a minimum length of 8 characters. Passwords must contain numeric digits and alphabetic characters.

This SAQ question is presented to merchants in their SAQ for the following SAQ types: D, A-EP, C, C-VT, and A.