Always use complex and unique passwords for each application
Many sites in your digital life will have minimum password requirements. While this is better than nothing, you should always choose the longest and most complex password the system will accept. In many cases this would be 100 characters in length and a mix of numbers, letters (upper and lower case) and symbols. Remembering unique random strings 100 characters in length is unrealistic. This is where a password manager comes in to play.
Use a Password Manager
This is a tool that you would install on your system to securely store all of your passwords in an encrypted vault. There are many vendors and open-source projects that offer tools to accomplish this same goal. Choose one that has a decent community or customer following and make sure you decide which features are best for your lifestyle and turn off those you don’t need. If you select a cloud-based password manager, be very sure you select one that is a market leader (e.g., LastPass or Bitwarden) and ensure that you have selected a very strong master password.
Don’t reuse passwords
Passwords are regularly passed around by criminals after data breaches, which other criminals will use to try logging into other places where you may have re-used your password. Criminals also use passwords as part of phishing emails to establish rapport or as part of extortion attacks. You can view some of the data breaches that your email address has been a part of on Have I Been Pwned.