It is always recommended to use a different password for each site, since using the same one for everything is very risky. It is also recommended that passwords be strong (with uppercase, lowercase, numbers and special characters) so that nobody can guess them, and that they be changed from time to time.
It may seem crazy to have 5, 10 or more different passwords that are difficult to remember, but that is why password managers were invented: they remember them for us every time we need them.
But nowadays the security of passwords is called into question by the numerous leaks that have occurred at important sites. Passwords are also relatively easy to obtain through phishing attacks or through sniffing on infected networks or computers, and in these cases, no matter how complex a password is, it still gets stolen.
Even Mark Zuckerberg, the creator of Facebook, recently had his Twitter, Pinterest and LinkedIn accounts hacked due to a data leak that occurred at the last of these social networks, since he used the same password on all three services.
Passwords will continue to be used as a login method, although they will gradually be replaced by more technological alternatives that may even be more practical. A clear example of this is the fingerprint reader that comes on all smartphones and that replaces the classic PIN.
Activate two-step verification:
With two-step verification, the idea is that if someone manages to steal a password, they must still complete a second step to gain access.
This second step usually relies on something that the user has and can physically control, such as a phone that receives a code by text message, an application that generates codes randomly (such as Google Authenticator) or a voice call.
Although this second step can also be defeated (for example, when you have enabled the preview of messages), there is no doubt that it makes things much more complicated for an attacker.
Services such as Twitter, Facebook and Gmail, among many others, offer it and it is very easy to configure. You can even use third-party tools like Latch to incorporate a second verification step in various services and platforms such as WordPress or Prestashop.
Gmail (and Google services in general) also allow the use of USB security keys, or Security Keys. They are small USB devices that use cryptography instead of verification codes and must be connected to the computer as a second authentication step.
Google takes care of configuring the key automatically so that it is associated with the account; this is done from https://myaccount.google.com by going to Login to Google / Two-step verification. If the key is unavailable or lost, you can still log in with another verification method such as SMS or Google Authenticator.
For a long time I have had one of these keys that was given to me, and the truth is that it works very well, with the use of the Chrome browser as the only requirement.
The kit also includes a USB charging cable for the phone that blocks unauthorized data connections. A small button switches between two modes, charge + data or charge only, which also increases the speed with which the battery recharges.
This is especially useful when using public chargers or charging the phone on an unknown computer, since with data exchange enabled the device can be attacked in an attempt to steal information.
The USB keys used by Google are those that comply with the FIDO U2F (Universal 2nd Factor) standard; this page of the help center includes links to the Amazon store where they can be purchased. In addition, other services, such as Dropbox, also support them as a second verification factor.
Also, as an alternative to the charging cable that I mentioned before, you can use USB adapters like the following one from the PortaPow brand, also available on Amazon; they fulfill the same function by blocking data transfer.
If you don't have two-step verification activated yet, I recommend that you activate it, at least in the places where you handle sensitive information such as email and social networks where hundreds of chat conversations and private messages are generally stored.
This way, if you ever have your password stolen, you will have an ace up your sleeve.