1) Don't use the same password on multiple websites.
2) Never give passwords out.
3) Follow standard rules for passwords, such as including special characters and not using actual words.
4) Take advantage of sign-in via Facebook, Twitter, etc., as that way the password is only in one spot. As long as Facebook, Twitter, etc. keep it secure, you are good to go. Odds are you are safer with your password in one database rather than in many databases that could get hacked.
Some sites have gone overboard with rules. Here is an example of overkill I found while reading a Mashable article:
The most important thing to learn is to supply only the bare minimum of information on sites, so that when there is a breach they have only a little information on you.