A while back I wrote a long post about passwords: how they work, how they are cracked, how to pick them, etc. Here's a link to it.
But computer security is an arms race. The bad guys change tactics to react to what the good guys (that would be you) do. In this case, one of the ideas that was newish (at least to me, at the time) isn't so useful anymore. Much of that post is still relevant, but apparently hackers have started cracking passwords made of disparate words strung together.
Here's a post from Bruce Schneier - someone I trust in the security field - that discusses choosing good passwords. His preferred technique is one I discussed as well, so not all is lost.
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
I'm really glad to hear him say that changing passwords regularly is more trouble than it is worth. I wish more computer security places understood that.
So, read what Bruce has to say. It's good advice.