Is your password the same for everything?When your password for your "Gmail" account is compromised, that person can also access your "Facebook" profile.
Try incorporating a 3 part password that is easy to remember but unique for each web site you authenticate to. For example, if your password is "goraiders" then consider adding a special character, upper case letter, and number according to sites you visit such as "GoRaiders$12345" for a banking site. Or "GoRaiders@1234" for your email inbox.
This is not a best practice within an agency or corporation. This is simply a reasonable thing to do for the type of person who refuses to complicate passwords to the extent which they can no longer remember their own password themselves, but still want to maintain the integrity of their banking even when their social networking site is hacked.