To stay secure, you should use a password manager, and generate a different random password for each site you use. The passwords should be as long and complex (e.g., including symbols) as the given site allows. The advantage of password managers is that you won't need to remember them. Also, turn on 2FA on all your important accounts, and wherever it's possible, prefer app-based 2FA over text-based (hackers regularly trick mobile providers into reassigning your account to a different SIM).

I work for LastPass, so I'm obviously biased when it comes to selecting a product (but it's free so no risk to try). From the security point of view, you should prefer products that guarantee zero knowledge, which means that it encrypts your password vault (saved credentials) on your computer or phone, before uploading it to the cloud. So even if there's a breach, if you use a strong master password, you're safe.

UI and UX are also important. Ideally, you will be using your password manager all the time and across multiple devices, so it has to work really well for you. Otherwise, you'll quickly fall back to bad password practices :)
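As an added illustration of the "different random password per site, as long and complex as the site allows" advice (this is example code written for this page, not code from the post's author or from any password manager), the sketch below generates a password from the operating system's CSPRNG under a per-site policy. The `SitePolicy` class, its fields and the sample limits are hypothetical names and values chosen for the example.

```python
import math
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class SitePolicy:
    """Hypothetical per-site rules: longest accepted password and accepted symbols."""
    max_length: int
    allowed_symbols: str = string.punctuation  # use "" for sites that reject symbols

    def classes(self):
        sets = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
        if self.allowed_symbols:
            sets.append(self.allowed_symbols)
        return sets


def generate_password(policy: SitePolicy) -> str:
    """Random password of the maximum length the site allows, containing
    at least one character from every class the site accepts."""
    classes = policy.classes()
    if policy.max_length < len(classes):
        raise ValueError("policy too short to cover every character class")
    alphabet = "".join(classes)
    while True:
        # Draw every character from the CSPRNG; retry until all classes are
        # present, so no position in the password is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(policy.max_length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(policy: SitePolicy) -> float:
    """Upper bound on entropy: length * log2(alphabet size)."""
    return policy.max_length * math.log2(len("".join(policy.classes())))


if __name__ == "__main__":
    # Constructed sample policies, one password per site, never reused.
    sites = {
        "bank.example": SitePolicy(max_length=20, allowed_symbols=""),
        "mail.example": SitePolicy(max_length=64),
    }
    for name, policy in sites.items():
        print(name, generate_password(policy), f"~{entropy_bits(policy):.0f} bits")
```

A site that caps length or rejects symbols lowers the achievable entropy, which is why the advice is to use the maximum each site permits.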