The advice on best practice for passwords changes from time to time. Changing passwords regularly is no longer recommended, because most people have enough trouble remembering long term passwords and if they have to change regularly they will pick simpler and less secure passwords. Better to pick a strong password and keep it for longer. Nor is using character substitutions such as 1 for L or 3 for E recommended now as hacking robots will try these automatically. You can find more information on current best practice on the WordPress.com site.
Our system enforces strong passwords and will reject anything it considers too weak. A good method of choosing long passwords it to string together several unrelated words, e.g. aardvarkmauvepotato, which is long, looks nonsensical but is easier to remember than random letter combinations. You can throw in a mix of upper and lower case letters, numbers and punctuation too to make it stronger, but make sure it’s something you can remember.
Another way to keep track of your ever increasing number of passwords is to use a password manager, also mentioned on the WordPress.com page.