Cyber Security Hygiene (Proactive) Multi Factor Authentication

This article is part of my Cybersecurity Hygiene Series - I recommend reading the background information about the series first to understand how these tips are structured. See this post: Cyber Security Hygiene.

Use Multi-Factor Authentication

If you haven't already heard about Multi-Factor Authentication (aka 2-factor or two-step authentication), have a pre-read about Multi-Factor Authentication on Wikipedia first. In a nutshell, multi-factor authentication usually ends up being either a code you type in from your phone or a biometric scan like your fingerprint or retina. In the most simplistic terms: it is something in addition to your username and password that is required in order to log in.

Why?

The benefit of enabling multi-factor authentication is that even if someone manages to get your username (which in many cases is your email address) and your password, they still don't have enough information to access your account. Since the second factor is ideally something that you have in your possession or something that you are (a biometric), it is very difficult for a criminal to get!

Many options exist for MFA, and it depends on the service which varieties are supported. The least secure option is SMS (phone text-messaging), as this can be spoofed by a criminal fairly easily, but it is still better than no MFA at all. If you have the choice, a physical token like a YubiKey or similar device is the best option, but Time-based One-Time Password (TOTP) generators like 2FAS that run on your mobile phone are also very good.

Why am I not recommending "Google Authenticator", "Microsoft Authenticator" or "Authy"? You may have heard of these before, and they are just as secure as 2FAS, but they tie you to a specific vendor. If you ever want to change to a different app, or if you lose your phone and need to restore all the entries, it can be difficult (or impossible) to do if you can't get the same app again. 2FAS allows you to export all your MFA codes so that you control the backup (it can also be configured to back up automatically to the cloud service of your phone vendor), which can be a real life-saver if you lose your phone.

You should also review the article about MFA Fatigue.

Bonus Tip:

If possible, try to register a backup multi-factor method or store the "backup codes" some systems provide in a secure offline location or in your password vault. This can save your account in the event that you lose your primary MFA device (like a phone or token).