So, ignoring for the time being whether hackers are scum of the earth, new age anarchists shining a shit beacon on crap corporate security or both - what is the ideal method for end users to maintain security given that this sort of thing is always going to be with us.
In the olden days the stock advice was seperate passwords, all changed regularly. With so many different online venues all requiring of personal logins this is now no longer viable - or at least it's only viable if you keep a post-it note of passwords, or a password pattern like "password1, password2, password3" - which is kind of defeating the object.
So, lately I moved into "low, medium and high" passwords. I only have to remember three passwords - one for forums, facetube etc, one for "middling" security (generally games), and one for super duper high security that's only used for bank + credit card. This worked for a while but I'm now constantly changing my low and medium security passwords as forums and now games are hacked daily.
I've tried utilising the fact that the username forms one half of the equation and using different email addresses for each site - this obviously is easiest with your own domain such that firstname.lastname@example.org gets sent to you. Trouble with this approach is that when I forget passwords and have to use the remind-me service I can never remember if I signed up with RPS@domain.com or RockPaperShotgun@domain.com.
So - given that hacking will always be with us, given that someone learning your email address and password for Obscure Forum X will likely then try that same combination against Facebook, Steam, Amazon, Paypal, banks, credit agencies, MMORPGs etc - what are folks preferred strategies for keeping their junk secure?