I received an email a few days ago informing me that one of my passwords had been exposed in a data breach. This is where a (usually) large company has been hacked & a list of usernames and passwords have been exposed.
Hackers use these breached details in a few ways. One of the most common things they do is to try logging into a person's other accounts using the same details, this is because so many people use the same email address & password combination across all the sites they use on the internet.
I received the email by subscribing to a service on https://haveibeenpwned.com/ I advise signing up so as to be notified of any passwords that you should change. You can also check to see if there have been any compromises on your mobile number.
I recently started using a password manager to organise all my passwords and it is relatively easy to use. I am using a free one called 'Bitwarden' https://bitwarden.com/. You can conceptualise it like a safe containing all your passwords and you only need to remember the password to the safe to gain access to all your passwords and/or generate new ones.
Many people use words and names that can be cracked relatively quickly using a technique called a 'Dictionary Attack' where the hacker uses a large list of the most commonly used passwords from previous security breaches. It therefore stands to reason that a password that isn't actually a word is harder to crack.
Password managers will generate passwords that are special characters, symbols, letters & numbers. You can choose the kind of characters it will contain & how long it will be and also do a quick check to see if it has already been used online.
Whenever you sign up to a website and are asked to make up a password, you can generate one and copy & paste it into the fields (this avoids typing mistakes). You then save the entry in the password manager for safe keeping. The password manager can be on all your devices so that you have access to your passwords whether you are using a computer, tablet or smartphone.
Two-factor Authentication (2FA)
The other key security measure to put in place is two-factor authentication. This will require your usual login and an additional layer. This additional layer attempts to zero in on who is attempting to login by requiring the user to enter a unique (and timely) code that is sent to the legitimate user's mobile phone. There are other methods like authenticator apps that generate a code every 30 seconds or so. 2FA is highly recommended.