How long should my password be? 10 characters long, minimum, but make it as long as possible. Length is the most important factor to strength.
Does my password need special characters to be strong? Nope.
Does my password need numbers to be strong? Nope.
What about switching numbers for letters(1337 speak)? This does nothing.
How often should I change my password? Only change it if you think it’s been compromised. Never force users to rotate passwords, this actually lowers security.
Can I use the same password on multiple sites? Absolutely not. Every service should have its own unique password so that you don’t have to change all of them when (not if) they get breached.
How can I remember my password? Don’t try to remember your passwords, use a password manager. If you don’t want to, write it down. If you have to make a long, memorable password, use the diceware method. But never reuse a password.
What about two-factor authentication? Always turn on 2FA if it’s an option. Use the strongest 2FA method you can. A text message is weaker than an authenticator app is weaker than hardware-based authentication. Never give a service your phone number if you can help it.
What about password recovery questions? Don’t give honest answers to these. For maximum security, generate a secondary random password for each question and store it in your password manager.