You could argue a “good password” is an oxymoron, because any password that is stolen can be used at will by the thief.  But another risk is that if the password is too easy someone could guess it or use a password breaker program to find it.  Passwords should never be family names or numbers that are easily found out like a birthday, address or phone.  They should also not be words, which are vulnerable to what’s called a “dictionary” attack.  Use a mix of at least eight letters and numbers, changing cases and using symbols ($!* etc.) if allowed. And DON’T WRITE THEM DOWN OR STORE THEM ON YOUR PC!  (But we know you do.  You have to or you forget them.  That’s part of the problem with passwords.  See, What is the safest way to access online services?)