If you're doing anything online that you don't want to be tracked it's worth looking into Tor and if you share a computer with anyone multiple user accounts might not be enough to prevent your most sensitive data. Consider an encrypted area with TrueCrypt or encrypt files and folders with GnuPG. I wish more people used GPG, it's freaking brilliant but I only have two friends who use it, so that's only two friends I can talk to when I decide to wear my tinfoil hat. For the record I haven't got anything I'm that bothered about hiding but I've done a degree course in cryptography and it's fucking cool so I fiddle with it. Another great thing to do with TrueCrypt is to encrypt your whole drive. You'll need to put in your passphrase (or password if you like, but I like 50 character phrases with numbers and punctuation and varying capitalisation) every time you switch on your computer but if you have a laptop with sensitive data on it (credit cards or work-related stuff) then if your laptop gets stolen you'll be so glad you encrypted it. Boot up passwords and log in passwords rarely make a difference to anyone who can just take the hard drive out of your laptop but if you encrypt it all then they can't get anything. Also if you encrypt everything it means they don't know where to start looking whereas if there's a bit that's encrypted they know which bit they want to break. I'd still recommend at least two levels of encryption for the really sensitive bits though (bank account details, terrorist plans and ideas for mother's birthday present) just to be safe.
Oh, if you're on wifi network shared with anybody else it might be worth encrypting all your outgoing communications using either TOR or piping everything to a remote web proxy via SSH. I tend to do that sort of thing on public networks. If you don't know what I'm talking about then it probably doesn't actually matter anyway, choose a level of paranoia appropriate to the sensitivity of your data and how much technical stuff you're willing to learn.
Here's a simple tip for everybody though. You know sometimes websites require you to enter security questions to recover your password? Don't use those if you can help it, but if required make sure to enter something long and unintelligible as the answer because that can often be the weakest link in your security. Of course if you do that then you can't forget your password so also don't forget your password.
I'm registered on loads of websites and I only have about three passwords which fits with what OiNutter was saying. I'm currently working on phasing out my insecure password though because I had to tell it to somebody once so whenever I log into a website that still has that password set I change it. I think where my security fails is that I've used the same passwords for quite some time, I really ought to change them at some point although I'm still fairly confident that nobody knows the ones that matter. Also for crypto I use passphrases with letters, numbers and punctuation.
Another tip, use your most secure password for your email account because if anybody gets into that it's game over for most other websites. Even if the password is different for other sites most will send password reset requests to your email account so that's normally a single point of entry for someone who might want to take over your entire online persona or whatever.
I did think originally that talking about my security habits might be a bit of a security risk but on reflection I've done a crypto course and various courses about web applications and security. Consequently the underlying message behind all this is "don't even try".
