@Stanley Lee Sincere apologies for the delay in response. I missed your reply.
Upon rechecking, it appears that the module supports X.509 certificate authentication.
Good, As suggested, please proceed with the X.509 authentication so SAS token passwords are not required.
I do not know whether importing the certificate to the module is for HTTPS communication only or MQTT-TLS
It depends on how you want to use. Please go through Understand how X.509 CA certificates are used in IoT and Communicate with your IoT hub using the MQTT protocol
To answer your specific query regarding Can I reduce the password length for MQTT?
Unfortunately, there is no possibility that IoT hub can use shorter passwords today.
Hope this helps. Do let us know if you have further queries. Feel free to comment or reply to this.
If the response is helpful, please click "Accept Answer" and upvote it.