TL;DR

• Use a password manager and generate (30 character) long random passwords!
• Do enable Two-factor authentication where ever possible (but, it is better not to use SMS if an alternate option is available) sites that offer 2FA
• Do not reuse passwords!
• Do not use information about yourself as a password (e.g birth date)

Popular Password Managers:

• Keepass
• 1Password
• Lastpass
• A physical notebook

More good security advice: http://nothingofvalue.org

Resources

• EFF Surveillance Self Defence - Playlist
• How to choose a good password - Troy Hunt
• How to Choose a Password - Computerphile
• Generate passwords
• Diceware
• Passwords unmasked
• GRC haystack: Brute Force Password “Search Space” Calculator
• Dropbox: JS Password strength meter - zxcvbn
• Kaspersky: JS Password strength meter