When people hear about all the data breaches and am ask for advice, the best suggestion I give everyone is to use a password manager.

Password complexity requirements aren’t very helpful, it’s length and making each site unique that works best.

I also recommend multi-factor. It’s not if, but when you password will be leaked. So having a secondary method to authenticate prevents your security from relying on one piece of data.

For myself, I use LassPass mostly because it’s what worked for me at the time when I was looking for one. And it has a lot of authentication methods.

One scenario is that you lose your authentication device i.e your phone. To fix this, you can get one-time recovery codes. LastPass has a cool feature with Grid Authentication that gives you a unique grid, which is then references by column and row. This isn’t that much more secure, but it is reusable so if you’re ever without your phone for a while you have a way to continue to use multi-factor authentication.