Passwords must be changed periodically to reduce the likelihood of a particular password being compromised over time. As a reliable best practice, you should consider using a passphrase instead of just a password. The phrase should be a minimum of ten characters in length, and have three of the four additional attributes – 1) uppercase letters 2) lowercase letters, 3) a number 4) a special character.
Contrary to popular belief, creating a secure and easily remembered passphrase is not difficult. Unlike passwords, passphrases are mnemonic, making them much easier to memorize. For example, let's say you're a Star Wars fan - you can use the phrase "May The Force Be With You."
Simply using that exact phrase, you already meet three requirements: 1) eight characters in length 2) upper letters 3) lowercase letters; substituting some of the characters will help to meet the other requirements. To do this, substitute “@” for the “a” in May and “!” for the “i” in With, and the number 4 for “for” in “force.” You then have M@yThe4ceBeW!thYou. This is a strong password.