If you must use a password that you need to remember and type in then use MFA (Multi-Factor-Authentication).
If you must use a password and cannot use MFA, make sure the password is at least 14 characters in length (use longer if you can) and is randomly generated. Use a password manager (with a strong master password and/or MFA). If you can't cut & paste, use a password manager with autotype functionality (e.g. KeePass).
Use ssh key exchange for unattended accounts where possible (but make sure the private keys are secure... i.e. on an unencrypted drive behind a login with a weak password is NOT secure. Use passphrases to compensate but, really, keep them secure.)
Avoid use of password hints. If you have to use them (because an app forces you to), be mindful of how the information could be used to make hacking your password easier.
If you must use a human memorable password and cannot use MFA or a password manager, use Diceware (or similar). i.e. a reliably uniform random process.
When it comes to composition and length, your password (mostly) doesn’t matter.
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984SCRAM = Salted Challenge Response Authentication Mechanism
MD5 is no longer considered secure.