Creating new password useful guidelines:

1. Reusing passwords across multiple services is an exceptionally bad security practice.
2. Try to generate a strong password that a human being would be unlikely to guess. It’s recommended to us “pass phrase” instead of regular password, Such a phrase should be relatively long perhaps 20 characters or so and consist of seemingly random words strung together along with numbers, symbols and upper and lower case letters. Don’t use passwords that are based on personal information.( birthdays, phone #)
3. Use between 8-12 characters using capital and lowercase letters, unique characters ($&@#%?!).
4. Consider using a password manager to store several passwords (and responses to security questions) safely.
5. Whenever possible use two-factor authentication (2fa), which requires users to possess two components (a password and a second factor) to gain access to their account. The second factor could be a one-off secret code or a number generated by a program running on a mobile device.
6. Don’t post it in plain sight. This might seem obvious but a lot of people post their password on their monitor with a sticky note. Bad idea. If you must write it down, hide the note somewhere where no one can find it.
7. Don’t fall for “phishing” attacks. Be very careful before clicking on a link (even if it appears to be from a legitimate site) asking you to login, change your password or provide any other personal information.
8. Secure your mobile device with fingerprint or password.