For Email Addresses
I've touched on this before but this seems like a logical place to repeat it. This time I will not include the details and "why"s but will simply make the recommendations: Some websites may have these very same requirements but many do not..
I like to be able to recall passwords, so I have a "pattern" that I use to assemble mine: For instance, I might use my old college ID number for a repeatable part of the password. Then I'll put a Special Character before and after it. On top of that I'll add a word or letter at each end of the password. So my password might look like: "ME%5C3E2_YOU. Now if I need another password I can base it on that one by simply changing something in it such as the first word, the Special Character to the right of the first one, add say 3 to the number in the middle, or even a new one based on another series of easy to recall but not current or used numbers, Lengthening the password, etc.. I'm sure you can see the possibilities.
NEVER repeat using the same password for more than one place! OTOH, I violate that rule myself if it's a site that has absolutely no personal information about me and someone guessing my password would get only mundane information. I'd use that for say the password on my Honeypot account, Wikipedia, some news sources that don't collect any data on me in order to use them, and the like. But NEVER for a bank, store, anyplace that might have my identity information or purchase histories.
In total, I have 4 main e-mail addresses:
One for use with trusted, security minded friends,
One for non-secutity minded friends,
One for signing up for accounts,
and a HoneyPot.
What's a HoneyPot? It's a trick e-mail account that has NEVER been used to Send or Receive ANY e-mail by me! In fact, my ISP lets me set it so I can't Send mail from that account and can only receive mail. But, since I never use that address, and no one knows what it is, it should NEVER GET any email either!
Should I Receive ANY e-mail at that address, I know that somehow, somewhere, one or more of my accounts have been compromised! That in turn tells me I need to change ALL of my passwords pronto! And I do, though it has not been hit with any mail in over two years now. Then I immediately delete that account and replace it with one with a different email address and a new password, to keep it pristine.
And finally, I periodically change the passwords on all of my e-mail and website accounts periodically just to be safe. It's highly recommended.
Best of luck, and good luck! I hope this has helped you at least a little!