Avoid Password Reuse

These days, many account compromises happen through password reuse. Billions of user records have been compromised on a variety of sites and this data is available to anyone who wants to go looking for it. In many of these cases, it's possible to look up a user by username or email and find their plain text password. To give you an idea of the extent of compromised data, try looking up your email on Have I Been Pwned?. If you reuse a password from a compromised site, your account is not secure. Ideally, you would use a unique password on each site.

Use a Strong Password

Coming up with passwords is hard. If you're choosing your own password, chances are it's not going to be that strong. There are techniques to help you generate stronger passwords, but unfortunately, many memorable passwords are simply not strong enough to hold up to password cracking tools (such as would be used when someone downloads a compromised database). Wikipedia has an extensive page discussing password strength: https://en.wikipedia.org/wiki/Password_strength

The strongest passwords are literally random strings. As these are far from memorable, you will need a tool to store (and generate) these passwords. These are known as password managers. With them, you choose one (very strong) master password and then have it generate unique passwords for every site. This means the site only receive a strong password that is unique to it, solving both the strength and reuse issues.

There are a variety of password managers to choose from. A few include:

• 1Password - https://1password.com/
• KeePass - http://keepass.info/
• LastPass - https://lastpass.com/