Passwords & Passphrase Guidance
Some services and websites do not offer MFA as an authentication method. In these cases, follow these best practices for creating a secure password or passphrase:
- Long enough to be hard to guess: at least 15 characters including uppercase, lowercase, spaces and special characters (e.g., “pangaea_means_all_earth!”).
- Not a famous quotation from movies, books, songs, etc.
- Free of personal information that can be retrieved from social media (e.g., birthdays, car brands, names of family members, etc.)
- Unique across sites, applications, and other sources
- Free of repeating characters (e.g., “aaaaa”) and “keyboard walking” patterns (e.g., “qwerty”)
- Kept secret: do not share it with friends, colleagues, etc.
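
The rules above that can be checked mechanically (minimum length, repeated characters, keyboard walking) are sketched below as an added example, not part of the original guidance. The run and walk thresholds and the US QWERTY rows are assumptions; quotations, personal information, uniqueness and secrecy cannot be verified this way.

```python
import re

MIN_LENGTH = 15  # minimum length from the guidance above
MAX_RUN = 3      # assumption: flag 4 or more identical characters in a row
WALK_LEN = 4     # assumption: flag 4 or more adjacent keys in a row
# Assumption: US QWERTY digit and letter rows; other layouts need their own rows.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _walks(rows, n):
    """All n-character slices of each row, left-to-right and right-to-left."""
    out = set()
    for row in rows:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - n + 1):
                out.add(seq[i:i + n])
    return out


WALKS = _walks(KEYBOARD_ROWS, WALK_LEN)


def check_passphrase(candidate):
    """Return a list of findings; an empty list means no checked rule failed."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too_short")
    # One character followed by MAX_RUN or more copies of itself.
    if re.search(r"(.)\1{%d,}" % MAX_RUN, candidate):
        findings.append("repeated_characters")
    # Case-insensitive scan for any window that matches a keyboard row slice.
    lowered = candidate.lower()
    if any(lowered[i:i + WALK_LEN] in WALKS
           for i in range(len(lowered) - WALK_LEN + 1)):
        findings.append("keyboard_walk")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("pangaea_means_all_earth!", "qwerty", "aaaaa",
                   "my Qwerty horse battery 9!"):
        print(repr(sample), check_passphrase(sample) or "ok")
```

A check like this belongs at password creation or change time, where the plaintext is available and never needs to be stored or logged.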