
Work Tools dot US
 


We recommend KeePass Password Safe, and it's free.

General Password Guidelines

Guidelines for choosing good passwords are typically designed to make passwords harder to discover by intelligent guessing. Common guidelines advocated by proponents of software system security include:

  1. Generate passwords randomly where feasible.
  2. Use a minimum password length of 10 or more characters if permitted.
  3. Include lowercase and uppercase alphabetic characters, numbers, and symbols where permitted.
    1. Keep in mind that everyone knows:
      1. That an exclamation point is a 1, or an I, or the last character of a password.
      2. That $ is an S or a 5.
      3. That 1 is an L or vice versa.
      4. That zero is O or vice versa.
      5. That E is 3 or vice versa.
      6. That 4 is "For" or vice versa.
      7. And there are many others. Using these well-known tricks does not fool or outsmart any would-be hackers.
  4. Avoid using the same password twice (e.g., across multiple user accounts and/or software systems).
  5. Avoid character repetition, keyboard patterns, letter or number sequences.
  6. Avoid using dictionary words.
  7. Avoid using common phrases.
  8. Avoid using identifiable and/or discoverable linked data.
    1. Never use names, surnames, or nicknames of family members, friends, or pets.
    2. Never use birthdays or anniversaries of family members, friends, or pets.
    3. Never use romantic links (current or past).
    4. Never use biographical information (e.g., ID numbers, ancestors' names or dates).
  9. Avoid context-specific words, such as the name of the service, application, website, company/organization name, the username, and derivatives thereof, including acronyms.
  10. Avoid using information that is or might become publicly associated with the user or the account.
  11. Avoid using information that the user's colleagues and/or acquaintances might know to be associated with the user.
  12. Do not use passwords which consist wholly of any simple combination of the aforementioned weak components.

Some guidelines advise against writing passwords down, while others, noting the large number of password-protected systems users must access, encourage writing down passwords as long as the written password lists are kept in a safe place, not attached to a monitor or in an unlocked desk drawer.

There are also a number of password safes that can be used. Personally, I use KeePass Password Safe: it's free, it's powerful, and it can generate a strong random password and/or let you define the number of characters, their type, and the format for a random password.

The possible character set for a password can be constrained by different websites or by the range of keyboards on which the password must be entered.
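The guidelines above as a small checker and generator, as an added Python example that is not from the original page. The word list, keyboard rows and function names are constructed for illustration, and the `symbols` parameter stands for whatever character set a site or keyboard permits.

```python
import secrets
import string

# Substitutions the page calls well known, undone before word matching.
# Single-target mapping is a simplification ("!" can also stand for 1 or L).
LEET = str.maketrans({"!": "i", "$": "s", "1": "l", "0": "o", "3": "e", "4": "for"})
# Constructed sample list; a real check would load a large wordlist.
WEAK_WORDS = {"password", "letmein", "welcome", "dragon", "sunshine"}
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase, "0123456789"]


def check_password(pw, context=(), need_symbol=True):
    """Return the guideline violations found in pw (empty list means none found)."""
    problems = []
    lower = pw.lower()
    plain = lower.translate(LEET)
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    kinds = [str.islower, str.isupper, str.isdigit]
    if need_symbol:
        kinds.append(lambda c: not c.isalnum())
    if not all(any(kind(c) for c in pw) for kind in kinds):
        problems.append("missing a character class")
    if any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2)):
        problems.append("character repeated three times in a row")
    windows = [r[i:i + 4] for r in RUNS for i in range(len(r) - 3)]
    if any(w in lower or w[::-1] in lower for w in windows):
        problems.append("keyboard pattern or sequence")
    # Context words: service name, username, company, and so on.
    for word in sorted(WEAK_WORDS | {w.lower() for w in context if len(w) >= 3}):
        if word in lower or word in plain:
            problems.append(f"contains weak or context word: {word}")
    return problems


def generate_password(length=16, symbols="!@#$%^&*-_=+"):
    """Random password; symbols is whatever the site or keyboard permits."""
    if length < 10:
        raise ValueError("use 10 or more characters")
    alphabet = string.ascii_letters + string.digits + symbols
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Resample until every required class is present and no check fires.
        if not check_password(pw, need_symbol=bool(symbols)):
            return pw
```

A password such as `Pa$$w0rd!2024` meets the length and character-class rules yet is still flagged, because undoing the substitutions exposes the dictionary word.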


