Enter your user-id and password only in the space provided for- that you are normally used to.
Do not provide user-id and passwords on any page that appears as a popup when you click on a hyperlink received through email. Better practice would be to log on to the service by typing in the URL in the address bar after making sure the page opening up is from the genuine service provider.
Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encryption.
Change passwords at least once every 90 (ninety) days.
Unique Characters: An acceptable password must have at least five (8) different characters. Repeated characters can make for palindromes and make it easier to crack.
Character Types: An acceptable password must have characters from at least three (3) different character types -- upper case, lower case, digits, punctuation, etc. A password that includes a sample from a rich character set is difficult to crack.
Forbidden Characters: There are a few characters that will cause problems if used in a password - the "delete" character is one of the obvious ones.
Writing down your password: One should never write down a password. Someone may discover the password. Make the password difficult for others to guess or crack but easy for you to memorise and remember.
One possible method for picking a good password is to make up your own acronym.
Do not let your computer remember your password . Do not accept auto complete option provided by your computer/ browser.
Sharing passwords is a security risk. 
