I tried changing my Unix password, but my new proposed password was rejected. Could someone please tell me what are the requirements for an acceptable password? Everyone has different rules; what are the rules here?
Good question. There are all sorts of rules and recommendations and they vary from installation to installation. Confusing at best. But there are some guiding principles that for the most part will keep you from getting into trouble.
The local Linux help page for the password command can be found by typing:
man passwd
at the command prompt.
You can boil this man page down to two principles: don't use easy-to-guess passwords, and change your password regularly.
Don't use easy passwords:
The password you choose should be something hard to guess. It should be at least 8 characters long and should contain at least 3 of the following character groups: lower case letters, upper case letters, digits, special characters (punctuation/symbols).
Don't use something you'd find in a dictionary (in any language or jargon). Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, location), or any variation of your personal or account name. Don't use accessible information about you (such as your phone number, license plate, or social security number). Don't use a birthday or a simple pattern (such as backwards, followed by a digit, or preceded by a digit).
On the other hand, cryptic letter/number sequences are hard or impossible to remember and slow to type in (e.g., W3qw8IT!).
It completely defeats the purpose of a secure password if the password you create must be written down to be remembered!
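The rules above (length, character groups, no words or names, no simple patterns) can be expressed as a short checker. This is an added example, not the check the local passwd command actually runs; the function names, the tiny SAMPLE_WORDS list and the reading of "any variation" of a name as "contains it" are assumptions made for illustration.

```python
import string

# Constructed stand-in for a dictionary; a real check would load a full
# word list (assumption, not from the page).
SAMPLE_WORDS = {"password", "welcome", "dragon", "letmein", "sunshine"}

def char_groups(pw):
    """Count how many of the four character groups appear in pw."""
    groups = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation)
    return sum(any(c in g for c in pw) for g in groups)

def simple_forms(pw):
    """pw as typed and backwards, each also with one leading or
    trailing digit removed (the 'simple patterns' the page lists)."""
    low = pw.lower()
    forms = {low, low[::-1]}
    for f in list(forms):
        if f[:1].isdigit():
            forms.add(f[1:])
        if f[-1:].isdigit():
            forms.add(f[:-1])
    return forms

def check_password(pw, account, personal=(), words=SAMPLE_WORDS):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_groups(pw) < 3:
        problems.append("fewer than 3 character groups")
    own = {s.lower() for s in (account, *personal) if s}
    if simple_forms(pw) & ({w.lower() for w in words} | own):
        problems.append("word or name, possibly reversed or with a digit added")
    elif any(s in pw.lower() for s in own):
        # Assumption: "any variation" of a name is read as "contains it".
        problems.append("contains account name or personal information")
    return problems

if __name__ == "__main__":
    # Constructed samples, plus W3qw8IT! from the text above.
    for pw in ("W3qw8IT!", "dragon1", "drowssaP1", "Jsmith99!"):
        print(pw, check_password(pw, account="jsmith"))
```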
Suggestion:
Try an 8-character password (including caps and numbers), make it a simple mnemonic (without using dictionary words), and keep the first character a letter. Sometimes adding special characters, e.g., !=&%$, will work, sometimes not.
Some handy substitutes to give your mnemonic more meaning:
2 -> to, too
4 -> for
& -> +, and
$ -> money
# -> pound, weight
@ -> at
> -> go, going
* -> star
! -> not
= -> equal
Example mnemonics:
My1stact (My first account)
lnx4evy1 (Linux for everyone)
Sch=kool (School is cool)
Change passwords regularly:
Pretty self-explanatory. When choosing a new password, make sure it's unrelated to any previous password.
Here we might add that you probably have many different accounts, e.g., other department computer accounts, bank account, web logins, etc. If you use the same password for all of your accounts, then when one account is compromised, they are all compromised! Try to keep unique passwords for important accounts, like CS and Bank of America. :-)
For information on how to change your password under Unix and under Windows, see Password change questions.