The biggest risk when setting a password is when you re-use a password across sites and services. If you do this, you’re multiplying the risk of a breach at one of those services, allowing a cracker to try your account name and password from the breached service at other sites. If any match, they’ve now hijacked your account there, too.
A unique password at every site is the goal. And Apple added an alert in iOS 12 and macOS 10.14 Mojave that will help you towards that.