Secure random password generation runs entirely on your device, so we do not know it in any way
Whenever possible, include all sets of available characters to enhance the complexity of the password
Do not use the same password for multiple purposes or sites. The most secure option is to have specific password for every case
Use the longest password possible, nowadays, a 10 character password is considered insecure
Avoid using passwords over insecure connections (plain http), require https sites instead
Do not annotate your passwords on papers or plain text documents, use specific solutions for that purporse
Never share your password with any other person or site
Avoid using insecure passwords anywhere, even for sites you don't care, that could end causing troubles on another sites you do care
Avoid letting your browser store your secure passwords. Your browser is not a secure place to store a password!
Do not transmit your secure password over insecure channels. Don't even send that password to yourself over a mail, chat, etc.
Choose a very personal and secure password that you can memorize as the master one, and use it to access the others one that must be securely stored in a specific application
Change your passwords periodically as often as possible
If you ever need to have a password written somewhere, like a database password in a .php file for CMS access, be sure that belongs to a non priviliged user and than it is as much restricted as possible