A recent study showed that users' views of what makes a "secure" password don't match reality. Two findings stood out.
People believe that passwords containing common phrases, such as "iloveyou88", are as secure as similar-length passwords built from unrelated words, such as "ieatkale88". In fact, common phrases are much easier to crack, because they are tried as a single dictionary entry rather than guessed character by character.
People also thought that swapping letters for numbers or symbols, as in p@$sw0rd, makes a password much more secure. In reality, these substitutions are entirely predictable to modern cracking tools, which undo them as a matter of routine.
So, what's the answer? It's clearly a problem that plagues even the smartest of people, as shown by Mark Zuckerberg's social accounts getting hacked recently. But there are steps we can take.
The most obvious is to use a password manager, such as 1Password or LastPass. I'm a big fan of LastPass and highly recommend it. It's effectively a vault for passwords, protected by one master password. It can also generate a secure password for you, a different one for every site you use. This way, the next time LinkedIn or whatever site you use gets hacked, your exposure is limited to just that site.
It has a plugin for all the major browsers, so it can auto-fill passwords on your behalf, and it has a share sheet for iOS. All in, it's more convenient than having to type in your password all the time.
If you're not keen to try it, or you need a good way to come up with your master password, then I recommend you heed the wise words of XKCD: