John Shier published a great overview of problem+solution around common password mistakes
Some good reminders for sure, but one could be missing (or at least I did not see it), password length.
This article gives a good overview of password length, the best tip is if using a password generator why not go with 20 characters? Seems like a great idea and 0 extra effort. Strong rules too of course. Thanks to Jeffrey Goldberg.