One tip I just thought of... ALWAYS use different passwords for accounts at different sites. If one site gets hacked and they get your email and password from the site, the problem will be limited to that one site and the site should take responsibility. Also, not all sites store your password securely and it may be possible for an insider working for that site to get your password. Using a different one for every site minimizes the risks involved. This kind of thing happens far more frequently than most people think!
To "remember" all the sites and their passwords I use a tool called Password Safe, which I know is secure, as the code for it is freely available for inspection (i.e. I know that the passwords I input are not being secretly sent to someone over the Internet). The basic idea is you "lock" all passwords in a "safe" that's protected by a master password, which is never used for anything else.