Sometimes ambling across this interweb takes you somewhere that grips your attention, and genuinely gives you food for thought. This video from Dr Mike Pound, Nottingham University is one of those times.
If you can't be bothered to watch it, then just change all your passwords now. If you do watch it, you'll understand why
So in a nutshell, the longer your password is the better. Maybe go with 10+ characters, don't add numbers at the end, add them randomly in the password. Add non letters like the @ or # signs. Mix upper case and lower case, and steer clear of actual words
The one that got me was if you replace "E"'s with "3"s or "I"s with "1"s, you are making hackers job easier as lots of people do this, so they assume you will do it.
So the old advice really does stand up. Have a long random character password for each service you need to log in to. Where you keep all these passwords is the next question, but there are numerous options and digital vaults from the likes of Norton, to apps you can download. Just search digital password vault on Google.
If a service offers two stage authentication, ie you need to add a third piece of information to login such as a series of numbers randomly generated from a Google authenticator app, then make sure you utilise it.
Even with your password compromised, then currently if you have 2 stage authentication, johnny hacker still can't login. Unless of course Dr Pound shows us otherwise