Choose a VERY long passphrase. For example, combine uncommon words like this:
unconventional blueberry unlike any other semi automated shiseido mask icelanders prefer real sauna
Combinations like that are memorable, easy to type and the most secure.
In contrast, pass phrases like @ut0m4t3d
, Honey167!
or lA45pf8$d
are a poor choice when it comes to security. Because they are so short, on a fleet of 10,000 ordinary computers, these can be guessed in 7 seconds.
To read more, see zxcvbn article by Dropbox.