Do NOT re-use passwords.
This means your email, online banking, and other website passwords should all be different. And never, ever use a password you've used anywhere else on the Internet (i.e. flickr, facebook, instagram, etc.) for anything else. If someone breaks into Facebook's password database you don't want them also having the password for your financial data.
Use a complicated password.
Even what most people think of as complicated passwords can be cracked within 10 minutes by modern computer hardware. A few years ago someone I know cracked 100,000 passwords used on Facebook in less time than it takes to explain the process. And the process is easy.
How do you make and remember a good password?
There are a few cool tricks to this to make really complicated passwords that you can remember. Make up a sentence with at least 8 words such as "This is my very cool password and you can't have it."
Shorten it to the first letter of each word, so it becomes "timvcpaychi".
Now, add some caps. Maybe every other or every third letter is capitalized: "TimVcpAycHi".
And finally wrap it in special characters like parenthesis (or brackets or percents or even exclamation marks): "(TimVcpAycHi)". Now you have a 13 character password that you can easily remember and is super-hard for a computer program to guess.
Need to make sure there's a number in it? Don't ever just add it to the end. Make sure it's in the middle. You can maybe replace i's with 1's or r's with 2's or something like that. Now you have a 13 character password that's very strong and yet still easy to remember:
Vary your usernames when you can
While I'm on my soapbox, I'll also mention that for important things like your bank accounts, it's also a good idea to use different usernames for each account. This past year Russian hackers were selling my username and password on the black market, stolen from a web comment board. Since I never reuse passwords it didn't matter much to me, until they started trying to use it to log into my bank and investment accounts. They couldn't log in because it was the wrong password, but it did lock me out of the accounts because of all the failed login attempts. Since then I've started using randomly generated usernames as well for my most important accounts.
Software to help you manage a lot of passwords
To keep track of your passwords and make sure you never lose them there are several options to make it easier. Here's a few suggestions:
- Lastpass - A web service that syncs an encrypted copy of all your passwords to your devices, and plugs into your web browser to make using complicated passwords easy.
- Keepass - A software that stores all your passwords encrypted, and lets you copy/paste them into what you use. I use this and keep the database on Dropbox, and it syncs to my phone, tablet and PCs so I always have it with me.
Both of those can also generate new random passwords for you since you won't have to remember each password.
And lastly, for all accounts that support it, I'd recommend turning on 2-factor authentication. Different services implement it different ways. Google has an app you install on your phone that generates a unique number that changes every minute. When you login from a new PC, you enter the number from the app. Facebook will text you a login code. One of my banks calls me with an automated voice and reads the code. Enable 2-factor, whatever form they have. The little bit of extra time you'll spend logging in from a new location can save you many, many hours of headaches.