When a site prompts you to create a password: create a strong one — the more characters it has, the stronger it is. Using a passphrase is one of the simplest ways to ensure your password is strong. A passphrase is a password made up of multiple words such as “beehoneybourbon.” We recommend you also use a unique passphrase for each device or online account. This way, if one passphrase is compromised, all of your other accounts and devices are still safe.
Can’t remember all your passphrases? Use a password manager, which is a specialised program that securely stores all your passphrases in an encrypted format (and has lots of other great features too!).
Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts and it’s much easier than you may think.
See more detail in this document.
Additional Security Matters articles about passwords: