Your password is what protects your account from unauthorized use. When registering for a Mojang account (or any other web based service for that matter) it is important that you choose a good password.
What's a good password?
A good password is a phrase that is easy for you to remember, but very hard for other people to guess. This may sound simple, but unfortunately there are plenty of devious people out there. Below are a few pointers and best practices regarding choosing and managing your password.
Use an unique password
Always use unique passwords for your accounts. Re-using a password is very risky, simply because if someone figures out your password for one service, they will also potentially gain access to every other service that you use that same password for.
Use a password that is hard to guess for others
This is the tricky part. You should of course always avoid obvious choices like your birthdate or the name of your pet, as this prevents people that know you from guessing your password. However serious account hackers typically don't try to manually guess the password of an account, they use a computer to do their dirty work. A computer can perform thousands of password guesses per second, so any password that is a common word is very easy for a computer to crack. Due to this fact, you need to pick a really strong password, something that not even the most powerful computer can crack within a reasonable amount of time.
The strength of a password is determined by two things, the length of the password and its complexity. A long complex password is very hard to crack. A complex password consists of a mix of uppercase and lowercase letters, numbers, and symbols. The minimum length of a Mojang account password is six characters, but you can make yours much longer if you want to!
Choose a combination of characters that creates a unique password that is completely unrelated to your person, or choose a random word and replace some of the letters with numbers and symbols, or make a long password by combining several random words. Always avoid using common keyboard patterns like "qwerty" or "abcd1234".
Keep your password safe
A super strong password is still useless if you give it out to someone else. Only use your password when logging in to the official Mojang websites (https://account.mojang.com and http://minecraft.net) or in the official game launchers for our games (Minecraft, Scrolls, and Cobalt).
Never use your password to log in to other websites or third party software (custom launchers or similar)!
Never tell your password to anyone. Not even to your friends. Not even to Mojang employees.
If you write down your password on a note, don't leave it lying around your desk. Make sure to hide it somewhere safe, and don't write on the note what the password is for!
If you store the password on your computer, don't store it in a file named "password", or something obvious like that. Give the file an unique name as well. Don't write in the file what the password is for!
Change your password
If you suspect that someone else has been accessing your account, immediately change your password! Changing your password will only take a minute, restoring your lost account is a tedious task (and sometimes not even possible).
Add extra security to your account
When registering for a Mojang account, make sure that you also choose valid security questions. If someone else were to obtain your password, these questions serve as an extra layer of protection. If you did not choose any questions upon registering, you can do it afterwards by securing your account.
Learn more about security questions