Online strong password generator: https://passwordsgenerators.net/
To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, you should notice that:
1. Do not use the same password for multiple important accounts.
2. Use a password that has at least 15 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol.
3. Do not use the names of your families, friends or pets in your passwords.
4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.
5. Do not use any dictionary word in your passwords.
6. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) store your passwords, since all passwords saved in Web browsers can be revealed easily.
7. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.
8. Do not send sensitive information online via HTTP or FTP connections, because messages in these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS and SFTP whenever possible.
9. It's recommended to change your passwords every 10 weeks.
10. It's recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software such as iPassword Generator.
11. Turn on 2-step authentication whenever possible.
12. Do not store your critical passwords in the cloud.
13. Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name carefully, it's a good idea to check the popularity of a website with Alexa toolbar to ensure that it's not a phishing site before entering your password.
14. Protect your computer with firewall and antivirus software, only download software from reputable sites, and verify the MD5 or SHA1 checksum of the installation package whenever possible, it can be done easily online at OnlineMD5.com.
15. If you're a webmaster, do not store the users passwords in the database, you should store the ( MD5 or SHA1 )hash values of passwords instead.