Wikipedia:User account security

All registered users have to log in using a password before they can edit using their usernames. Passwords help ensure that someone does not masquerade as another editor. Editors should use a strong password to avoid being blocked for bad edits by someone who guesses or "cracks" other editors' passwords. Users may access their account's preferences to change their password.

As a rule of thumb, a password that is reasonably long, with a mix of upper and lowercase letters and numbers, and not mostly made up of dictionary words or names or personal information (date of birth, cat's name, etc.) is likely to be reasonably strong for everyday use. Passwords that consist of just lowercase letters can also be reasonably strong, but they must be significantly longer than passwords with more entropy per character; see this XKCD comic strip. However, it is left up to users to decide how strong a password they wish to use beyond this.

Having strong passwords is a necessary condition but not sufficient for strong computer security: for example when using public computers your account could be compromised by keyloggers.

Accounts that appear to have been compromised may be blocked without warning; administrators will generally not unblock such accounts without evidence that their rightful owners solely control them.

Be careful on public WiFi networks. Sometimes there may be people sniffing packets and looking at information. If you edit from a public WiFi network it is a good idea to use a VPN or inspect the HTTPS certificate of your connection.

As of December 2015, users with advanced permissions are formally required to maintain a password that meets certain specific requirements and may have their passwords audited by the .

Although users with other specialized functions (such as template editor) are not formally required to maintain strong passwords or have them audited, they are still strongly encouraged to do so.

...
Wikipedia