I’ve written about what I consider the best current password advice for websites and services you need to keep secure. In a nutshell, here’s the advice again:
Use multi-factor authentication (MFA).
Where MFA is not an option, use password managers, creating unique, long-as-possible, random passwords for each website or security domain.
Where password managers aren’t possible, use long, simple passphrases.
In all cases, don’t use common passwords (e.g., “password” or “qwerty”) and never reuse any password between different sites.
Source:: IT news – Security