1) Don't use the same password for every site. I know it's a lot of trouble to remember 300 different passwords, but with services like https://lastpass.com/ you can stay secure and only need to remember a single password.
2) Use long passwords made of easy-to-remember word combinations. A password like "A$*&37bn" will take between 1 minute and 1 day to crack, depending on the tools a hacker has available. A password like "SymphonyDogEatsCabbage@5" will take centuries to crack, even when they steal a password database.
3) Be cautious of any web site that limits you in password length or in the characters you can use. Web sites like nmgco.com (New Mexico Gas Company) store your password in plain text. This means that no matter what password you use, it can be stolen instantly if someone breaks into their site. If a site does not let you use symbols like #$?" then you know your password is not encrypted, and can easily be stolen if someone breaks into their computers.
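
Why a length or symbol limit is a warning sign (point 3), as an added example that is not part of the original list: a site that stores a salted, slow hash instead of the password itself ends up with a record of the same size for any input, so it has no storage reason to restrict length or characters. The iteration count, record format and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor (illustrative)
SALT_BYTES = 16       # a fresh random salt is generated for every password

def hash_password(password: str) -> str:
    """Return a storable record 'iterations$salt_hex$digest_hex'."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # a malformed record never authenticates
    return hmac.compare_digest(candidate, expected)

# Constructed samples: the two passwords from the list, plus a long one
# containing quotes, symbols, spaces and non-ASCII characters.
SAMPLES = [
    "A$*&37bn",
    "SymphonyDogEatsCabbage@5",
    'quote"#$?\' and spaces ' + "é" * 40,
]

def demo() -> list[tuple[int, int]]:
    """Return (password length, stored record length) for each sample."""
    rows = []
    for pw in SAMPLES:
        record = hash_password(pw)
        rows.append((len(pw), len(record)))
    return rows

if __name__ == "__main__":
    for pw_len, rec_len in demo():
        print(f"password length {pw_len:3d} -> stored record length {rec_len}")
```

Every record comes out the same length regardless of what was typed, and the password itself is never written to the database.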