One thing leads to another:
When a hacker gets a password to one account, it's often a stepping stone to a more serious breach, because many people use the same passwords on multiple accounts. So if someone breaks into your Facebook account, that person might try the same password on your banking or Amazon account.
It's particularly bad if the compromised password is for an email account. That's because you can generally reset passwords for other online services by clicking a "forgotten password" button, which will send a reset link via email. Anyone with access to your email account, therefore, can use it to take over and lock you out of your other accounts.
Many breaches occur because passwords are too easy to guess. What makes a password strong?
* Make them long. The minimum should be eight characters, but even longer is better.
* Use combinations of letters and numbers, upper and lower case and symbols such as the exclamation mark. Try to vary it as much as you can. "My!PaSsWoRd-32" is far better than "mypassword32."
* Avoid words that are in dictionaries, as there are programs that can crack passwords by going through databases of known words. These programs know about such tricks as adding numbers and symbols, so you'll want to make sure the words you use aren't in the databases. One trick is to think of a sentence and use the first letter of each word - as in "tqbfjotld" for "the quick brown fox jumps over the lazy dog".
* Avoid passwords based on your name, company name or home town. Avoid pets' and relatives' names, too. Likewise, avoid things that can be looked up, such as your birthday or ZIP code.
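The rules in the list above can be turned into an automated check. The following is an added example, not part of the original article: the function names, the tiny word list and the substitution table are constructed for illustration, and a real check would use a far larger dictionary.

```python
import re
import string

# Constructed sample wordlist; real cracking dictionaries hold millions of entries.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "letmein"}
# Assumed subset of the look-alike substitutions that cracking programs undo.
LEET = str.maketrans("01345@$!", "oieasasi")

CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def letters_only(text):
    """Drop everything except a-z, so padding digits and symbols disappear."""
    return re.sub(r"[^a-z]", "", text)

def audit_password(password, personal=()):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than eight characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            findings.append(f"no {name}")
    lowered = password.lower()
    # Two views: digits/symbols treated as padding, and as look-alike letters.
    views = {letters_only(lowered), letters_only(lowered.translate(LEET))}
    for word in sorted(WORDLIST):
        if any(word in view for view in views):
            findings.append(f"contains dictionary word '{word}'")
    # Personal details (name, pet, birthday, ZIP code) supplied by the user.
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            findings.append(f"contains personal detail '{item}'")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs, including the two passwords quoted above.
    for pw in ("mypassword32", "My!PaSsWoRd-32", "P@ssw0rd!", "tqbfjotld"):
        print(pw, "->", audit_password(pw, personal=("Rex", "90210")))
```

Fewer findings means a stronger password under these rules: "My!PaSsWoRd-32" clears the variety checks that "mypassword32" fails, but both are still flagged for the dictionary word they are built on.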
One other thing to consider: Many sites let you reset your password by answering a security question, but these answers - such as your pet's name or mother's maiden name - can be found out. So try to make these answers complex, by adding numbers and special characters and making up responses.
A second layer:
Many services offer a second level of authentication when you're accessing them from a computer or device for the first time. For instance, these services will send a text message to a phone number on file. The text message contains a code that you need in addition to your password. The idea is that a hacker may have your password, but won't have ready access to your phone.
Facebook, Google, Microsoft and Twitter are among the services offering this dual authentication. It's typically an option, something you have to turn on. Do that. It may be a pain, but it may save you grief later.
One final thought:
Change your passwords regularly. It's possible that your account information is already circulating. If you have a regular schedule for changing passwords for important accounts, you reduce the amount of time that someone can do harm with that information.
You'll need to decide which accounts merit the effort. Banking and shopping sites are obvious, as are email and social-networking services. It probably doesn't matter much if someone breaks into the account you use to read newspaper articles (unless it's a subscription).
You should also keep your software up to date: many software updates fix potential security holes. Don't click on email attachments from unknown sources, as these often contain malware. And use security and firewall programs, many of which are available free.