Hacker News

Payment Card Industry (PCI DSS 1.2) only requires 7 characters and some must be alphabetic while some must be numeric. So "soccer1" is a perfectly valid, PCI compliant password that will be cracked in less than a minute (offline or online).

Section 8.5.10 Passwords must be at least 7 characters long.

Section 8.5.11 Passwords must contain numeric and alphabetic characters.
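
An added example, not part of the original comment: the two quoted rules implemented as a validator, next to a stricter check that rejects a common word padded with digits. The word list, the `min_length` default of 12 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample of common base words. A real deployment would load a
# large breached-password list instead (assumption for this example).
COMMON_WORDS = {"soccer", "password", "monkey", "dragon", "letmein"}


def pci_dss_1_2_compliant(pw: str) -> bool:
    """Apply only the two rules quoted above: 8.5.10 (at least 7
    characters) and 8.5.11 (numeric and alphabetic characters)."""
    return (
        len(pw) >= 7
        and any(c.isdigit() for c in pw)
        and any(c.isalpha() for c in pw)
    )


def base_word(pw: str) -> str:
    """Strip leading and trailing non-letters and lowercase the rest,
    so 'soccer1' and '123Soccer!' both reduce to 'soccer'."""
    return re.sub(r"^[^a-zA-Z]+|[^a-zA-Z]+$", "", pw).lower()


def stricter_check(pw: str, min_length: int = 12) -> list[str]:
    """Return the reasons a password is rejected (empty list = accepted).
    min_length is an assumed value, not taken from PCI DSS."""
    reasons = []
    if not pci_dss_1_2_compliant(pw):
        reasons.append("fails 8.5.10/8.5.11")
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if base_word(pw) in COMMON_WORDS:
        reasons.append("common word padded with digits or symbols")
    return reasons


if __name__ == "__main__":
    for candidate in ("soccer1", "123Soccer!", "tq7Rvm2xLp9wKd"):
        print(candidate, pci_dss_1_2_compliant(candidate),
              stricter_check(candidate))
```
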


