Your server is only as secure as your weakest password. As a rule of thumb, the more complex a password, the stronger it is.
So, for example,
candy123
would be extremely insecure, whereas
Tmb1W>r~ii
would be pretty secure.
Generally, insecure passwords:
- Are shorter than eight characters
- Are based almost entirely on dictionary words
- Do not mix in numbers and special characters
Whereas secure passwords:
- Are at least ten characters, if not longer
- Omit dictionary words
- Have a healthy mix of numbers and special characters
While you could research plenty of theory and use it to construct ever more secure passwords, the easiest way to come up with a good password is to use goodpassword.com as a one-stop shop for secure passwords.