"The three basic things to remember when creating a strong password are the following:
1. Use a combination of letters, numbers and special characters. Also, remember that some dictionaries used in attacks have a "l33t" mode, which allows common letter/number-to-special character substitutions (like changing a-@, i-1 ,o-0 and s=$, for example, password = p@$w0rd). Therefore, mix them in different ways so that they are not predictable.
2. Use a combination of upper and lower case letters.
3. Make it lengthy. A longer password does not necessarily mean it is strong but it can help in some cases." – Content courtesy of Microsoft Malware Protection Center : Do and don’ts for p@$w0rd$
You may also like to read