While this won't help you with your present Hotmail, it may in the future. I try and use the
horse battery staple correct (I know but this way works for me) method. Remember if someone wants to hack (guess) your password, they have to get
every letter in the correct order. Ergo the longer the password, the harder to hack using a brute force application.
https://www.grc.com/haystack.htm - See how long it would theoretically take to brute force your password. Yes there is a tad more involved but if you use
Password1 as your magic word, it takes very little more time to brute force
P@$$w0rd1 . Put it in the GRC link and test it out and see the extra time. (Remember though that
password and all the permutations of it will have been entered into a dictionary and tried first which would have resulted in the word being brute forced in 1 or 2 seconds or less.) Then put in something that has 4 words with each word having 4 characters as a minimum (words can be longer) and dump that into GRC and note the time difference.
If you want to use random words, read the article
here to create your own list to randomise or use an already made generator
here to do the dirty work for you. Remember that you will need to save any passwords so you don't forget them. Do NOT put stick them to the bottom of the keyboard because that is too inconvenient having to turn the keyboard over when you are trying to type in that new password.
Better to use a Postit note stuck to the front of the monitor.
Some people recommend a Password Manager/Password Vault. I tried some but didn't like the features or the ones that want to backup my passwords to the Cloud, not a real crash hot idea IMO so I keep my 185+ password in a unprotected spreadsheet. Bloody insecure and the passwords aren't that safe either but it works for me. The file is on 3 different USB keys and they get synced every week or so.
I used to use the C1imbM0unt@In$ type cleverness but I started to forget what letters and numbers that I transposed. Now it's a simple four words.
climbpowerequalsperformance . If it requires a capital,
Climbpowerequalsperformance or a capital and character,
Climbpower=performance . The password can be populated with punctuation(s), hyphen(s), number(s), symbol(s) and a space(s). Numbers can go in between the words or at the end so it is easy to remember its' location. The brute force application still has to get every character, and a space is a character, and get them all in the correct order for hacker to be successful.
We all know KISS but learn a new one. KISSY, Keep It Simple Stupid
for Yourself. When using the battery horse staple correct method, make sure your words don't relate to each other. In my example, climb power should not be next to each other. PowerTimesAttitude=Performance or PowerXattitude=performance would have been a much better example. 
Personally I blame the medication. 
Apologies for the short story but the medication is working for a change today
and I tend to waffle when it does.
