You should have a unique, secure password for every website you use.
Your passwords should be hard to guess. Hackers use computers to try and log in with hundreds of different passwords until they find the right one. If you use short, simple passwords containing real words your password is not secure.
"Nearly 50% of people use names, slang words, dictionary words or trivial passwords [such as] consecutive digits, adjacent keyboard keys, and so on. The most common password is 123456."Impervia
A secure password should be long (preferably at least 8 characters) and not resemble a real word. It should be a mixture of lower-case and upper-case letters, numbers and symbols.
You should have a different password for every website in case someone finds out your password. This might happen if a website gets hacked, if you access a website on an unsafe computer (such as one with a virus), or simply if someone sees you type in the password.
If someone does find out your password for one website, and you use the same password on other websites, then they can freely access your accounts on other sites.
When the PlayStation Network was hacked, members' "name, address (including postcode), country, email address, birthdate, password, login, [and] password security answers ... may have been obtained."guardian.co.uk
Remebering all these secure passwords is very hard to do!
Writing down passwords is not a good idea. If someone finds your list of passwords then they can access every account on every website that you use.
Some people use special websites or apps to store their passwords. This means you are either saving them on your computer or sending them over the internet and trusting a third party to keep them safe.