The password is the everyday lock on your account, and most account losses that are not phishing come from a weak or reused one.
Generate it
Use a password manager to generate a long random password. Do not use anything you can remember from personal history, and do not reuse a password from any other account. Reuse means a breach anywhere is a breach here.
Store it right
Keep it in an encrypted local manager such as KeePassXC on a device you control. Not in a browser autofill and not in a cloud-synced service. The database itself lives on encrypted local storage.
Pair it with the phrase
The recovery phrase is the backstop if the password is lost. Store the two separately and treat the phrase with more care, because it alone restores the whole account. See the recovery phrase.