I highly recommend using a random password for every site you have an account on. If you can’t do that, then at least use different passwords for accounts that hold payment-related information. Why? If you reuse one password and an attacker gets access to one of your accounts, they just got access to all your other accounts as well!
Below are two tips that I found online that don’t make complete sense to me, and they highlight how random passwords are the solution.
Once you have a strong base password, you can use it to create individual passwords for each of your online accounts. Simply add the first three letters of the service, e.g. “E1d_1D!4Y:)GMa” for your GMail account or “E1d_1D!4Y:)eBa” for eBay.
Assuming an attacker gets access to one of your passwords and notices the pattern, they can easily pivot to your other accounts using this password “strategy”.
Choose two short words and concatenate them together with a punctuation or symbol character between the words, e.g. “seat%tree”
GPU-based password cracking will breeze through this type of password. Sure, it is easy to remember, but this password “strategy” gets you nowhere.
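To put numbers on both objections, here is an added example (not from the original post or from the tips it quotes). It measures how much of the two "base password" examples is shared, compares the search space of the word-symbol-word scheme with a random password, and generates an independent password per site. The 2,000-word list size, the 32-symbol set and the site names are assumptions for illustration.

```python
import math
import os
import secrets
import string

# 52 letters + 10 digits + 32 punctuation characters = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=20):
    """One independent password, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length=20):
    """Search space of random_password(), in bits."""
    return length * math.log2(len(ALPHABET))


def two_word_bits(wordlist_size, symbol_count):
    """Search space of word + symbol + word, in bits."""
    return math.log2(wordlist_size ** 2 * symbol_count)


def shared_base(passwords):
    """Longest prefix common to every password: the reused 'base'."""
    return os.path.commonprefix(list(passwords))


def site_specific_part(passwords):
    """What is left of each password once the shared base is removed."""
    base = shared_base(passwords)
    return {p: p[len(base):] for p in passwords}


if __name__ == "__main__":
    # The two derived passwords quoted in the first tip.
    derived = ["E1d_1D!4Y:)GMa", "E1d_1D!4Y:)eBa"]
    print("shared base:", shared_base(derived))
    print("per-site remainder:", list(site_specific_part(derived).values()))

    # Assumed sizes: 2,000 short words, 32 punctuation symbols.
    print("two-word scheme: %.1f bits" % two_word_bits(2000, 32))
    print("20 random chars: %.1f bits" % random_bits(20))

    # Hypothetical site names; nothing is shared between the passwords.
    for site in ("mail", "shop", "bank"):
        print(site, random_password())
```

With these assumptions the two-word scheme has about 27 bits of search space against about 131 bits for 20 random characters, and the derived passwords differ only in their last three characters, which come from the service name.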