1. Use a password manager. You can make mini databases for both a personal and project stance. For example, KeePass, which is free, has an in-built password generator and can automatically enter your username and password into websites. There are mobile app versions as well for using your passwords on to go, without relying on cloud-based password managers, some of which have been breached before, such as LastPass, Dashlane, 1Password or Chrome Sync. You can find more alternatives here. Some antivirus programs have them built-in, but I'd personally recommend KeePass as it is entirely offline. Apps such as KeePassDroid can sync it with a file on the cloud.
2. If you can't use a password manager, then make pass phrases instead of passwords. This XKCD article has a good example.
3. Have I Been Pwned is a useful renowned website for letting you know if any data have been leaked. You can enter either your email or password, and it will do a search on the leaked data and let you know which accounts are vulnerable.
