Don't use the same password on all sites. I know it sounds hard to believe, but many people have access to these passwords in an unencrypted form. It's therefore then quite simple for them to login to another web site using your data.
Create a complex password, mix it up a little and maybe use the web site's domain name in your password to ensure they are different between sites.
Provide answers to security or password reset questions which are really secure, i.e. that you are the only one to know. If you must answer standard questions such as 'first car' or 'first teacher' or 'favourite colour', the answer doesn't have to be the real one, invent one as long as you can remember it.