Choosing passwords: You can do it "right" or do it "wrong".
Doing it right entails choosing a different password for every site you need creds for; for some people that is easily over 100. You would need to store that list somehow, manually or with a password manager.
Doing it wrong means using one password everywhere (or, in my former setup, three: one for banking, one for commerce, one for everything else).
Both have "pros" and "cons" that I am sure everyone is aware of.
I am using a new scheme now based upon trying to keep the pros of both with the cons of neither. Please Poke a Hole if you can!
The new scheme is this: the password consists of three parts: prefix, infix, suffix. The infix is some easily memorable but disjoint and unique phrase like "marTyism0zart" (not my real one); the prefix and suffix are derived from the site you are logging into via some homemade transform that you always use.
Let's say my transform, a simple one for illustration, is to just take the first two letters of the domain for the prefix and the last two for the suffix, shifted by one letter. So ip=jq and vm=wn, so the whole thing would be jqmarTyism0zartwn. But the key is to make up your transform yourself. Then you can just remember one phrase and one transform and have unique passwords on all sites without storing them anywhere? Holes?
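The illustrative transform from the post, written out as an added example (not the poster's code), with a check of how much of each derived password is identical from site to site. The `.example` domains, the wrap from z to a, and using only the leftmost host label are assumptions made for the example.

```python
from difflib import SequenceMatcher

INFIX = "marTyism0zart"  # the post's illustrative phrase, not a real secret


def shift1(text: str) -> str:
    """Shift each ASCII letter forward by one, wrapping z to a (wrap is assumed)."""
    out = []
    for ch in text.lower():
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + 1) % 26 + ord("a")))
        else:
            out.append(ch)  # digits and hyphens pass through unchanged (assumed)
    return "".join(out)


def site_label(domain: str) -> str:
    """Leftmost label of the host name; 'ipvm.example' -> 'ipvm' (simplification)."""
    return domain.lower().split(".")[0]


def derive(domain: str, infix: str = INFIX) -> str:
    """Prefix = first two letters shifted, suffix = last two letters shifted."""
    label = site_label(domain)
    return shift1(label[:2]) + infix + shift1(label[-2:])


def shared_core(pw_a: str, pw_b: str) -> str:
    """Longest substring common to two derived passwords."""
    m = SequenceMatcher(None, pw_a, pw_b, autojunk=False).find_longest_match(
        0, len(pw_a), 0, len(pw_b))
    return pw_a[m.a:m.a + m.size]


def reuse_ratio(pw_a: str, pw_b: str) -> float:
    """Fraction of the password that is identical across the two sites."""
    return len(shared_core(pw_a, pw_b)) / len(pw_a)


if __name__ == "__main__":
    a, b = derive("ipvm.example"), derive("shop.example")  # constructed domains
    print(a, b)
    print("shared:", shared_core(a, b), f"({reuse_ratio(a, b):.0%} of the password)")
```

Only four characters differ between any two sites, and those four are a function of the public domain name.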