Never use the same password for your multiple important accounts otherwise if one is hacked then it means all are hacked.
Your password should be at least 16 characters, one uppercase letter, use at least one number, one lowercase letter and one special symbol.
Never use your families, friends, mobile number, ID cards Aadhar card number, Pan card, Flat number, Car number etc as your password.
Never use any dictionary word in your passwords. Examples of weak passwords: 12345, Test@123, 123456789, 987654321, passwordgenerator etc.
Never send sensitive information online via unencrypted connections. You must use encrypted connections such as SFTP, HTTPS, FTPS, SMTPS, IPSec whenever possible.
Never store your password in your browsers. Instead, use any recognised strong password manager to store your password like LastPass, Norton Password Manager.
If you are connected to a public wifi then try to avoid to log in with your important account as much as possible. Because they are not secure and you will not be safe fully to use them.
Never use something that can be cloned as your passwords, such as your fingerprints because that type of password can be easily guessed by brute force attack.