A strong password is long, random, and uses mixed character types. Length is the most critical factor — each additional character exponentially increases the number of combinations an attacker must try.
Entropy measures password unpredictability in bits. Entropy = log₂(C^L) where C = character set size and L = length. A password with 60+ bits of entropy is considered strong; 80+ bits is very strong for most purposes.
Never use dictionary words, names, or dates of birth. Do not reuse passwords across accounts — if one service is compromised, reused passwords expose all other accounts. Use a unique password for every important login.
A password manager stores and auto-fills passwords so you only need to remember one strong master password. It also alerts you to weak, reused, or compromised passwords, significantly improving your overall security.