If you're looking for a cross-platform, cross-browser manager, we can thoroughly recommend LastPass.com. It's free for desktop use and $1 a month covers all mobile app access on most platforms, plus it's random-password generator means every password you use will be different.
If one miserly dollar a month is too much then try the free open-source KeePass.info; it's excellent, and mobile apps are available, but you'll need to manage the transfers of the vault file yourself.
Even with a password manager we'd still advise you not to store financial account details on it or even your primary email details, as loss of your vault password would open up all of your passwords.
3. Create stronger passwords
Some sites limit password length to 12 characters. Annoying! For ones that don't, www.xkpasswd.net, inspired by the XKCD cartoon, generates long, memorable passwords, and can throw in the curve ball of numbers, characters, capitalisation and padding as you see fit.
4. Verify-only email accounts
Using layers of security is a good way of working.
If you can place separation between 'unimportant' sign-ups - such as that forum you can't mention to your partner - and sensitive services, such as your bank accounts, all the better.
Use an extra email account to register for forums and the like. If these should get hacked or compromised it'll be far harder to trace any password, username or any personal information to anything else that could be more important.
Similarly, consider using personally-identifiable services such as social networks on yet another email account. While perhaps not as sensitive as such, hacked accounts can cause real-life headaches and provide hackers with personally-identifiable details.
5. Ring-fence vital services
Many of these problems come from us being human and succumbing to laziness.
In a way, pretending that we're never going to be lazy doesn't help, but should certainly mitigate this lazy behaviour.
At the absolute minimum, try and ring-fence your behaviour when it comes to vital financial institutes and your primary email. Use unique and complex password for each.
To a degree, many banks have cut-out laziness and enforced TFA solutions, so it's a mute point. Even Google offers TFA for its accounts and you should consider activating this if it's your primary email, as it's your last line of defence.
