The best policy is to use Two Factor authentication and not rely just on a password. But alas humankind has no time for that, so here as a simple but rock solid advice on how to choose the password.
So. Through 20 years of effort, everyone is successfully trained to use passwords that are hard for humans to remember and easy for computers to guess.[Source]