Use a password manager
Your passwords should be at least 16 characters, extremely complex and unique for your accounts. That’s hard to do by yourself, but password managers like 1Password or Dashlane can be used to create and remember your passwords.
Are you currently using a password that has been exposed in a third-party data breach somewhere? You can check to see if you’re using a risky password by visiting haveibeenpwned.com/Passwords.