An approach I prefer is to generate a random password/passphrase that meets the security requirements, then prepend/append the number of characters/words.
EG, "e\A(."bR|@" is 10 characters long, so "e\A(."bR|@10" is guaranteed to meet the requirement without weakening security.
Similarly, "redeem robot louse apathy match eva" is 6 words long, so "6 redeem robot louse apathy match eva" is also guaranteed to meet the security requirement.