Number one rule- a unique password for each log in. Number 2 rule- length beats strength (but both are better). Most sites will require some combination of letters, numbers and symbols. So how do you combine these in a way to remember?
But, let’s be practical. Not all sites are created equal. We need to think about the harm that could come if the criminals get into this account. If it is a free subscription with no purchase involved the harm is pretty low. Shorter is probably safe. But if it is your bank? Or Brokerage? Use no less than 15 characters- the more the merrier. (Fun fact- it takes 9 seconds to cycle through all possible 8 character passwords with a not very expensive computer.)
Start with a sentence. Phrases are easier to remember. Then do some smashwords! Add numbers, characters, upper case to make it hard to guess.
Example: starting with a phrase like- I love to eat peaches in the summer time. Then smash it- Iluv2eatPEACHES-inthesumm3rtim3! 32 characters! And yes, I just ate a peach before I wrote this. (note that some sites won’t take 32 characters- shame on them.)
So some rules for passwords: 1 site, 1 password, Never use things about you or your family. They know that you use pet names and children’s names, dates of birth, addresses all of which they are easy to find. Make your phrases interesting but do not use full quotes from published works- plays, books, songs, etc.
For other tips on creating strong passwords take a look at this video : (full disclosure- this is from my favorite cyber security company)
https://nakedsecurity.sophos.com/2014/10/01/how-to-pick-a-proper-password