Maybe you have heard of Two Factor Authentication, or Two Step Verification? It's a huge step forward in securing your information online. It means, to log in, you must have something you know and something you have. Meaning, you know your password, and you have your phone.
Once you enable it, even if someone gets your password, as long as they don't also have your phone, they cannot get in.
You should turn this on today.
To take this one step further, on your phone, you should ensure that text messages are not visible until you log in. This way, even if they happen to have physical access to your phone, there is one more layer of security. To do this on an iPhone (currently):
Notifications>Messages>Scroll to the bottom and make sure it looks like this:
The first place you need to enable two step authentication is your email account. This is because your email is the one key to all of your other systems. Once an intruder has access to it, they (a) learn about all services you use, and (b) can reset most of the passwords of those services, which will be hard to recover from. Many of those services are free and as such lack sufficient human support to correct this.
Two Step Verification Links for Major Sites
All major services will allow this now. To find it for any service, look for your profile, then a security section, which is generally where they put it.
Any services that uses "Security Questions" such as your mother's maiden name, should be avoided if possible. This method is extremely weak and if it is still being used, it's a sign they are not keeping up.