Over the years I have received and given a huge amount of advice on choosing an effective password. That guidance has changed many times as hackers' methods get more sophisticated and they manage to crack increasingly complex passwords. Many of the passwords we use are probably insecure and the use of passwords is not going to vanish any time soon. Every year we have more passwords to deal with, and every year they get easier for a hacker to break. We all need an effective strategy!
An simple way to choose a password is to take a sentence and turn it into a password. Something like "Everyone's gone to the moon" which could become "eGONE2tm". This is unlikely to be in a hacker's dictionary of cracks. Other examples might be:
il2TEACHtw2s = I'd like to teach the world to sing
ioWANT2bwy = I only want to be with you
bs2WEARsfiyh = Be sure to wear some flowers in your hair
No prizes for guessing my love of music influenced the examples!
It goes without saying that you shouldn't repeat my examples; choose something personal to you. Combining an easily remembered sentence with some personally memorable coding methods enables you to create a lengthy password quite easily.
It is even better is to use random alphanumeric passwords (preferably including symbols, if the site allows them), and a password manager to create and store them. There are many password management programs available online and they should include a random password generation function. If you tell the program how many characters you want - I suggest 10 to 12 characters - it will produce passwords such as s./7Ds8@?k, h&yU9>2Yh" and !Q£sf8<0T6. These programs support normal cut and paste functions so you are unlikely to need to actually type the randomly generated characters very much.
We have become accustomed to changing our passwords regularly, either monthly or every 90 days but there is now considerable debate in the Information Security industry about whether this is necessary if the passwords used are strong, especially those that are randomly generated. Of course, many organisations will insist on regular changes of password - if that is the case you probably have no choice!
Finally, some websites now offer two-factor authentication. If it is available seriously consider using it as it's almost certainly going to be a security improvement.