|Source Flickr: Lou_Lou Chan|
No way of securing web sites is 100% secure; there will always be flaws in the system that are beyond your control (like the latest Target credit card heist). But as a user, there is a lot you can do to ensure that whenever a site gets compromised, you don't have to worry that your other accounts are in danger.
Single email address per account
First of all, if you have a Google account there's a nice trick that lets you assign a unique email address to each online service. A regular Google mail account looks something like <username>@gmail.com. But when you register with an online service, you can enter <username>+<servicename>@gmail.com. So, whenever this service gets compromised, you can watch for suspicious emails arriving at <username>+<servicename>@gmail.com and filter them out.
If you use another mail service (or have a mail service of your own), you might want to use a wildcard to accept emails, so whenever you sign up for an account you can just use <servicename>@yourmail.tld.
Use one password per account
Secondly, I can only urge you to use a password tool like 1Password, LastPass or KeePass. You then only need to remember a single password, the password for the tool itself, and from that point on you can have a different password for each account you create.
I use 1Password myself and I'm pretty happy about it. I now have a different password for each account, and I even use it for generating (and remembering) database passwords, keeping track of my loyalty programs and even storing hash keys I use to connect to other servers using SSH or SSL.
|1Password interface: clean, very convenient and secure|
You can also use it for your databases, credit cards, loyalty programs and whatever else you need to remember securely, all saved securely on your computer with your "master" password. Just make sure this single password is the most difficult one to remember. Using a quote from a book or a movie is always a great way to secure things with a passphrase, especially when you combine 2 quotes in different languages. This ensures no one has direct access to those passwords when your computer gets stolen. I'm saying "direct access" and not "no access" as people can still try to break in once they have direct access to your computer.
Limitations on the web
Even when I'm using a password tool to generate automatic passwords, I sometimes stumble upon web sites that have strict rules on how passwords should be made. You might want to think twice about using a service like that, because a password should be able to use any character at your disposal and be as long as you want it to be.
For instance, Microsoft has a limitation of 16 characters for passwords on their services.
|16 Character limit on passwords by Microsoft|
Your web applications
When you build a web application with authentication, be sure to allow people to use whatever password they want, even if they want to paste in the whole Macbeth book.
On the backend you might want to use PHP's password_hash, which is provided as of PHP 5.5. If you haven't upgraded to PHP 5.5 yet, check out Anthony Ferrara's talk on password hashing; he has even made a video of it.
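The backend advice above, as an added example (not code from the original post): hashing and verifying with PHP's password_hash while still honouring passwords of any length. PASSWORD_BCRYPT reads only the first 72 bytes of its input, so the example pre-hashes with SHA-384 first; the function names, the cost of 12 and the sample passphrases are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// bcrypt only reads the first 72 bytes of its input, so a very long
// passphrase is reduced to a fixed 64-character string first.
// base64 keeps NUL bytes out of the value handed to bcrypt.
function prehash($password)
{
    return base64_encode(hash('sha384', $password, true));
}

function hash_new_password($password)
{
    // No maximum length and no character rules; reject only empty input.
    if (!is_string($password) || $password === '') {
        throw new InvalidArgumentException('Password must be a non-empty string');
    }
    // Assumed cost of 12; tune it to what your hardware can afford.
    return password_hash(prehash($password), PASSWORD_BCRYPT, array('cost' => 12));
}

// Returns array(bool $ok, string|null $newHash). $newHash is set when the
// stored hash used older parameters and should be replaced in the database.
function verify_login($password, $storedHash)
{
    if (!password_verify(prehash($password), $storedHash)) {
        return array(false, null);
    }
    $newHash = null;
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, array('cost' => 12))) {
        $newHash = hash_new_password($password);
    }
    return array(true, $newHash);
}

// Constructed sample input: two passphrases that share a prefix longer than
// 72 bytes and differ only after it. Without the pre-hash step, bcrypt
// would treat them as the same password.
$prefix = str_repeat('Tomorrow, and tomorrow, and tomorrow ', 3);
$long   = $prefix . 'creeps in';
$other  = $prefix . 'this petty pace';

$stored = hash_new_password($long);
list($okLong)  = verify_login($long, $stored);
list($okOther) = verify_login($other, $stored);
var_dump($okLong, $okOther);
```

Hashes created this way can only be checked through the same prehash step, so it has to be applied consistently at registration, login and password change.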