
By Joran Martijn (22nd June 2021)

Passwords and passphrases are, despite our best intentions, often poorly chosen. The dilemma is whether to use a seemingly very secure but hard-to-remember password, or a highly insecure but easy-to-remember one. Below I outline some tips and tricks for choosing passwords that are secure yet fairly easy to remember.

RULE #1

NEVER EVER use password, guest, letmein, qwerty, admin, 123456 or variations of these. You don't have to be a true hacker to crack these passwords.

RULE #2

Do NOT use a password that is short (i.e., fewer than 8 characters). Short passwords can be brute-forced fairly easily (trying 'aaaa', 'aaab', 'aaac' and so on, all the way to 'zzzz').

RULE #3

Do NOT use common English words, or common words with A's replaced by 4's, E's by 3's, and so on. Such passwords are easily cracked via so-called dictionary attacks: the attacker simply tries a large list of commonly used words and their variations against your password. The less common your words are, the better.
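As an added illustration of Rules 2 and 3 (example code written for this page, not the author's), the Python below computes the brute-force keyspace for a given alphabet and length, undoes the common letter-for-digit substitutions, and looks for wordlist entries inside the result. The wordlist is a constructed toy list (the Rule 1 passwords plus a few extra words, including the four from the Tip 2 passphrase); a real policy check would load a large cracking wordlist instead.

```python
import itertools
import string

# Constructed toy wordlist for the example: the Rule 1 passwords from the
# page plus a few commonly cracked words. A real check would load a large
# cracking wordlist instead.
WORDLIST = {
    "password", "guest", "letmein", "qwerty", "admin", "123456",
    "welcome", "summer", "monkey", "dragon",
    "correct", "horse", "battery", "staple",
}

# Common "leet" substitutions and the letters they usually stand for.
# "1" is ambiguous (i or l), so every combination is expanded.
LEET_MAP = {
    "4": "a", "@": "a", "3": "e", "1": "il", "!": "i", "0": "o",
    "$": "s", "5": "s", "7": "t", "+": "t",
}

MIN_LENGTH = 8  # Rule 2


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of exactly `length` characters (Rule 2)."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int,
                       guesses_per_second: float) -> float:
    """Time to try every string of this length at a given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def effective_alphabet(password: str) -> int:
    """Size of the alphabet a brute-forcer must cover, based on the
    character classes the password actually uses."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def leet_variants(password: str) -> set[str]:
    """Undo leet substitutions, returning every plausible plain spelling."""
    choices = [LEET_MAP.get(ch, ch) for ch in password.lower()]
    return {"".join(combo) for combo in itertools.product(*choices)}


def dictionary_hits(password: str) -> set[str]:
    """Wordlist entries found inside the password, with or without leet
    substitutions (Rule 3). Substring matching means trailing digits or
    symbols do not hide the word."""
    candidates = leet_variants(password) | {password.lower()}
    return {w for w in WORDLIST for cand in candidates if w in cand}


def check_password(password: str) -> list[str]:
    """Return the rules a candidate password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters (Rule 2)")
    hits = dictionary_hits(password)
    if hits:
        problems.append(f"contains dictionary word(s) {sorted(hits)}, "
                        "even after undoing leet substitutions (Rules 1/3)")
    return problems


if __name__ == "__main__":
    for pw in ["p4ssw0rd", "Summer2021!", "correct_horse_battery_staple",
               "corre_cthor_sebatte_rysta_ple"]:
        alphabet = effective_alphabet(pw)
        print(f"{pw!r}: alphabet={alphabet}, "
              f"keyspace~2^{keyspace(alphabet, len(pw)).bit_length() - 1}, "
              f"problems={check_password(pw) or 'none'}")
```

Running it flags 'p4ssw0rd' as 'password' and 'Summer2021!' as 'summer', and shows that the Tip 2 example 'corre_cthor_sebatte_rysta_ple' slips past a plain word search while 'correct_horse_battery_staple' does not. Real cracking tools also apply mangling rules on top of the wordlist, so passing this toy check only means these two rules are met, not that the password is strong.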

RULE #4

NEVER use the same password more than once! We all (myself included) fall into the trap of re-using passwords, because there are so many to keep track of nowadays and re-using them is the easiest way to cope. I highly recommend identifying your most important accounts and choosing a unique password for each of them.

TIP #1

Use long, nonsensical but pronounceable words. If they are pronounceable, they are easier to remember. An easy way to come up with a nonsensical word is to use a nonsense word generator, of which there are plenty on the internet. Alternatively, you can use words from obscure languages, or the scientific name of your favorite protist (thanks Bruce for this suggestion!). The chance of such words appearing in a cracking dictionary is extraordinarily slim.

TIP #2

Place symbols like _ & % # @ etc. in positions that do not make sense, for example corre_cthor_sebatte_rysta_ple instead of correct_horse_battery_staple.
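As an added example (not from the post) that puts Tip 1 and Tip 2 together: the Python below builds a pronounceable nonsense word from consonant-vowel syllables using `secrets`, inserts the symbols listed in Tip 2 at random interior positions, and, the part the tips do not show, computes exactly how many bits of entropy such a password has so you can compare it with a plain random string. The syllable alphabet and the default lengths are assumptions made for this example.

```python
import math
import secrets

# Constructed syllable alphabet (assumption): consonant + vowel pairs are
# pronounceable, which is what makes the result memorable (Tip 1).
CONSONANTS = "bdfghjklmnprstvz"   # 16 letters
VOWELS = "aeiou"                  # 5 letters
SYMBOLS = "_&%#@"                 # the symbols listed in Tip 2

_rng = secrets.SystemRandom()     # CSPRNG-backed sampling for positions


def nonsense_word(syllables: int) -> str:
    """Pronounceable nonsense word built from `syllables` CV pairs."""
    return "".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                   for _ in range(syllables))


def insert_symbols(word: str, count: int) -> str:
    """Insert `count` random symbols at distinct interior positions, so the
    breaks do not land on syllable or word boundaries (Tip 2)."""
    if count > len(word) - 1:
        raise ValueError("more symbols than interior positions")
    gaps = _rng.sample(range(1, len(word)), count)   # uniform k-subset
    out = list(word)
    for pos in sorted(gaps, reverse=True):           # keep indices valid
        out.insert(pos, secrets.choice(SYMBOLS))
    return "".join(out)


def generated_entropy_bits(syllables: int, count: int) -> float:
    """Exact entropy of make_passphrase(syllables, count): every choice the
    generator makes is uniform and can be read back from the output
    (letters and symbols are disjoint), so the entropy is log2 of the
    number of distinct outputs."""
    word_len = 2 * syllables
    bits = syllables * math.log2(len(CONSONANTS) * len(VOWELS))
    bits += math.log2(math.comb(word_len - 1, count))  # symbol positions
    bits += count * math.log2(len(SYMBOLS))            # symbol choices
    return bits


def random_string_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string, for comparison."""
    return length * math.log2(alphabet_size)


def make_passphrase(syllables: int = 6, count: int = 2) -> str:
    return insert_symbols(nonsense_word(syllables), count)


if __name__ == "__main__":
    pw = make_passphrase()
    print(pw, f"~{generated_entropy_bits(6, 2):.1f} bits")
    print("12 random lowercase letters:",
          f"{random_string_bits(26, 12):.1f} bits")
```

With the defaults (6 syllables, 2 symbols) the result is 14 characters long but carries about 48.4 bits, versus about 56.4 bits for 12 uniformly random lowercase letters: pronounceability costs entropy, which is why Tip 1 says "long". The symbols contribute only their own choice plus their positions, so count the bits of the generation process rather than judging the password by how random it looks.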

TIP #3

Try not to store your passwords digitally; use a physical notebook or something similar instead. If you must store them digitally, use a password manager.