Ok this post is an easy one, but I worry it may not sink in. Either way, here goes:
Use. A. Different. Password. For. Every. Website. You. Sign. Up. To.
The ONLY exception is for sites that you don’t mind if someone hacks into multiple accounts. For example, for some random forums I frequent, I use the same credentials and I really don’t care if they get hacked; there is nothing personal on them.
For everything else, USE DIFFERENT PASSWORDS! There are so many sites being hacked successfully these days that this should no longer be “advice” and instead considered “compulsory learning in order to be allowed on the Internet”.
And before you worry about how, here’s the answer: use a formula. This way you don’t have to remember a single password but can instantly figure out a particular site’s password, for example:
“Day of birthday + 1st 3 letters of website URL + last two letters of surname + number of letters in URL/surname etc”
You get the idea. Make sure it has a few numbers in it and isn’t completely predictable. You are not really at risk from people ‘guessing’ your password, but more those who steal one site’s catalogue of login details and then spam all other sites trying to log in with them.