Yes, "use a different password everywhere" is one of the common pieces of advice. I don't see how that's possible unless you also follow the common advice "use a secure password manager" - where the idea is you just memorise one very strong password and let the app generate meaningless different passwords for everything. I know some people who speak very highly of LastPass. I could never be bothered with that, but the Google password manager is integrated with Chrome and Android and very easy to use. So like you, I have some old insecure passwords I use on sites I signed up for long ago, although I have checked nothing important is on any of those. I have a few memorised very secure passwords for banks and my Google account, which also all have 2FA. And everything else is randomly generated gibberish I don't remember and don't need to because I never need to type it myself, just let my browser or phone autofill it.
Google's password manager is fine. Would avoid LastPass given their security record.
Thank you, both! Re password managers, Google Password does sound good. Someone else recommended Bitwarden - do either of you have any views on that?
Bitwarden is generally highly regarded and gives a good free entry point. Some find it harder to use than others. Biggest advantage of going outside your browser/phone manufacturer password manager is that it works when you're not in their world, but you'll often pay for that convenience. I use Dashlane for personal use and 1Password for work. Both are good. Was with LastPass before their security disasters. NordPass is commonly mentioned but I think many of them are sponsored postings. You're not going to go far wrong with any of them.
Often a good starting point for most is to secure your email account with a unique good password and ideally multi-factor authentication. As you found, if they can get into your email (which is made more likely when it's the same password as something else) then it makes sorting out other things much harder.
NCSC have some good guidance - https://www.ncsc.gov.uk/section/information-for/individuals-families