Rule 1. Never assume an organization is safe even a bank. Always give as little personal information as possible. Barclays bank sent my pin and login to the wrong address.
Rule 2. Have a different strong password for each web site.
Rule 3. If you store passwords on your machine make sure you self encrypt. eg. if you have a password "Steem123Steem" write down as tSeem123Steem
create a method only you would know.
Rule 4. Don't use the same method that everyone else is using or the same lock that everyone else uses.

Governments, Police, Inteligence agencies,

and Corporations will always try and blame you for being hacked, because your a soft target. 99.99 percent of the time its their fault. The information leak has come them