10 characters minimum. The longer the better. A 10-character password takes at least four months to brute force crack, 11 characters takes a decade, 12 characters takes two centuries… So yeah, longer is better.
Break up common words with random characters. Like a slash after the o in horse, a random number three in between the two ts in battery, or a close bracket before the l in staple. This is a way to use a passphrase which is easier to remember, but makes it much harder to guess.
Use a number. Put it somewhere beside the beginning or end and don’t use the number one. Most people make a password “secure” by adding a one to the end. Likewise, use another special character besides an exclamation mark–most people use an exclamation mark, and the attackers know this.
Capitalize at random. Yes capital letters make it harder to crack, but most people just capitalize the first letter. Don’t do that. Capitalize literally any other letter.
Use a password manager. Free yourself from having to create these passwords yourself. A good password manager will make randomized passwords that are difficult to crack and it takes the pressure off you.
Hopefully these tips will help get you through the long password-laden world until we reach that password-free secure future.