Unique. Do not use a password you already use for another account, such as your bank account PIN.
Difficult to guess. Don't use common words or names.
At least 7 characters long. The longer the better.
Made up of both lower and upper-case letters and numbers (and special characters if allowed)*.
Kept secret. Don't reveal it to anyone - not your secretary, your sysadmin, or even your spouse**.
Changed often - especially if you suspect that it may have been compromised.
Bad Passwords Include:
A complete word from any dictionary (English or other);
Your login name in any form (as is, reversed, capitalized, doubled, etc.);
Common names, such as the names of family members, pets, or friends;
Based on any information easily obtained about you (e.g., license plate numbers, telephone numbers, employer, school name, automobile brand, street name, etc.);
All the same digit or letter (this significantly decreases the search time for password cracking software);
Any obvious sequence of characters (e.g., 123456);
Obvious to anyone watching you enter them (such as qwerty).
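The rules above can be checked automatically when a password is chosen. The following is an added example, not part of the original page: SAMPLE_WORDS is a constructed stand-in for a real dictionary file, the login name and personal terms are constructed, and the four-character run threshold is this example's assumption.

```python
import re

# Constructed stand-in for a real dictionary file (assumption for this example).
SAMPLE_WORDS = {"password", "cardboard", "chocolate", "pizza", "kitty"}
# Alphabet, digits and keyboard rows used to spot obvious sequences.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_obvious_run(pw, min_run=4):
    """True if pw contains min_run consecutive characters of a sequence,
    forwards or backwards (min_run=4 is this example's threshold)."""
    low = pw.lower()
    lines = SEQUENCES + tuple(s[::-1] for s in SEQUENCES)
    return any(low[i:i + min_run] in line
               for i in range(len(low) - min_run + 1) for line in lines)


def check_password(pw, login, personal=()):
    """Return the list of rules from the page that pw breaks."""
    low, problems = pw.lower(), []
    if len(pw) < 7:
        problems.append("shorter than 7 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
            and re.search(r"\d", pw)):
        problems.append("missing lower-case, upper-case or digit")
    if low in SAMPLE_WORDS:  # whole password only; combined words are allowed
        problems.append("complete dictionary word")
    name = login.lower()
    if low in {name, name[::-1], name * 2, name[::-1] * 2}:
        problems.append("login name in some form")
    if low in {p.lower() for p in personal}:
        problems.append("name or personal information")
    if len(set(low)) == 1:
        problems.append("all the same character")
    if has_obvious_run(pw):
        problems.append("obvious sequence")
    return problems


if __name__ == "__main__":
    for candidate in ("pizza", "jsmithjsmith", "111111111", "Qwerty12", "MgfRda99HA"):
        print(candidate, "->", check_password(candidate, "jsmith", ["Jenny"]) or "ok")
```

Qwerty12 satisfies the length and character-mix rules but is still rejected as a keyboard sequence, which is why the composition rules alone are not enough.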
Help In Creating A Good Password
Use the first letter of a sentence that would only have meaning to you.
Ex: "My daughter, Jenny loves to eat chocolate chip cookies after dinner." This would result in: MdJltecccad. This 11-character password is incredibly easy to remember, assuming you have a daughter named Jenny who loves to eat chocolate chip cookies after dinner.
Once you try it, it's almost fun thinking up sentences. "My good friend Ralph drives a 99 Honda Accord." -> MgfRda99HA.
Combine two or more words with some numbers thrown in for good measure.
upper132cardboard, Greek39countermeasure, etc.
For the ultimate in security use a random password generator from GRC, or this one from HotBits (using radioactive decay).
While it would be nearly impossible to use a big random string as your full password, you could use a small chunk of the random string at the end of a password to make it much more secure, and not too hard to remember.
For example, bank is an insecure password, but bank-mLwh is much more secure, and still much easier to remember than a big random string like 4BRLGmLwh.
I Can't Remember All Of My Passwords!
If you're like most people, you have dozens of passwords for various websites. I usually don't have trouble remembering the passwords that I use daily, but I almost always forget my password for sites that I rarely frequent. I had to write them down somewhere.
Writing passwords down on a piece of paper or sticky note and keeping it next to the computer.
Making a text file called "passwords.txt" containing all your passwords (or a Word document or Excel file).
Using a trivial password so it is easy to remember. Ex: "pizza", "kitty", etc.
Use a secure tool designed to encrypt passwords such as KeePass.
It's free, secure, and pretty easy to use.
* Many web-based logins don't allow the use of special characters for technical reasons.
** Of course this isn't always possible. If you share a bank account with your spouse, you are likely to share the password for the online banking account.