Generate cryptographically strong, random passwords. All generation happens locally in your browser -- nothing is sent to any server.
Never reuse passwords across accounts. A single breach can compromise all your accounts if you share credentials between services.
A 20-character password with mixed case is exponentially stronger than an 8-character password with special symbols. Aim for 16+ characters minimum.
Store generated passwords in a reputable password manager. You only need to remember one master password to access all your unique credentials.