Never use the same password for more any account. This small thing helps insulate you if any service or site, you have an account with, gets hacked.
Your email account is one of the most vulnerable points. If someone gets into it, they can reset password resets for any site you have registered on with that address. Check if sites offer 2FA (2-factor authentication), which requires a second, ever changing, code when you login to an account.
I recommend using 1Password to help create and save long, random passwords. It works on Mac, Windows, iPhone and Android. Some built-in features:
- Secure password generator
- Auto fill username and passwords for you
- Warns you when you use the same password in other places
- Warns you when a site has been listed on HaveIBeenPwned (tracks data breaches) so you can change/reset your details