The best way to keep your online account secure is by using strong, unique passwords. That means that your password has to be complex enough that it’s hard to crack. You should also use a different password for each account in case one gets compromised. An easy way to memorize complex passphrases (which could be combinations of symbols and numbers and random letters) is to let a password manager do it for you.
Download a password manager such as as 1Password (around $50) or LastPass (which includes a free option or a $12/year one). Start generating new, unique passwords for your credit cards, bank accounts, social media accounts, email, domain registrar, hosting provider, cell phone company, etc. Accounts that are linked to your bank account, such as ones you buy books or food from, should also be changed. Changing passwords on all of your accounts can be time-consuming, but if you install a password manager, you can just change them as you use them. Make sure to save the new passwords to your password manager.
In addition to changing your password for each site you use, you may want to change your recovery email address for them as well. Consider creating a separate email account for password recovery requests, so that if you are somehow hacked, you can see all of the password reset requests in this email account and have a checklist for what needs to be reset. Keep this account secret. (Remember that keeping the password for your recovery email account secure is paramount, since all other accounts use password reset emails as a verification mechanism.)
Yael Grauer is a freelance tech journalist covering online privacy and surveillance for WIRED, Forbes, Slate, and other publications. Find her at http://yaelwrites.com or on Twitter @yaelwrites, and check out her free ebook on staying safer online at https://yaelwrites.com/saferonline.pdf.