Different password for each website. (I know this will suck but its effective, maybe use Last Pass if you cant remember it)
Use phrases instead of one word/mix match of letters since theoretically it can be brute forced in seconds.
Use Two Factor Auth
Dont share passwords (duh)