How strong should a passphrase aka 25th word to seed be to protect against brute force attack from random thief?
I use a minimum of 12 characters up to a max of over 20 depending on what to secure.
U can also use password managers such as keepass, last pass, one password, etc...
They can help you generate very secure random passwords to make life easier.
Yeah, I definitely recommend using a password manager so that you can ensure you use a strong password. This also allows you to never reuse a password which is one of things that gets people in trouble due to site leaks and such.
If you are talking about seed words for a wallet, you will want to ensure that those words are totally random. Its best to let these be assigned to you and not to specify your own as humans aren't very random.