Do not reuse passwords on multiple systems. If a password is compromised, you want to limit what data/information is exposed.
Use complex passwords or phrases. Do not use passwords or phrases that are easily guessed or associated with security questions.
Use a password manager. To help facilitate the control and use of complex passwords, a password manager can be very beneficial. Do your due diligence, as a breach of one of these services could potentially expose you more!
Use multi-factor authentication when available. With multi-factor authentication enabled, it's much less likely an attacker will be able to obtain all the information needed to gain access.
Rate limiters can lock out accounts after a certain number of failed attempts and mitigate brute force attacks.
Secure account recovery can assist in authentication by including randomly generated reset tokens sent over https:// with a short time-to-live (TTL) to limit threat action time.
Secure session management can also provide an added layer of authentication by forcing timeouts on idle sessions and requiring reauthentication.
|