WTF does it matter?
Every jumped up little upstart wants me to have a user name and password, even though the information they have on me is insignificant. What do I care if someone hacks my details in Fishermen's Wives' Knitting Monthly? Anyone with any sense doesn't tell Facebook or Google etc. anything true about themselves. For example, Apple requested a credit card before I could use iTunes. I had to submit it to get anywhere (must be illegal now?), but once set up, I removed my financial details and now only download free apps - actually, I use a secure browser and view all the equivalent internet sites through that, with adblock on.
So that leaves bank details, Paypal and the like. They have their own two-factor security, and using different email addressees to access each improves that further.
So, guidelines for the worried:
1. Don't worry about password security for the numpty sites. Use a sacrificial email address instead.
2. Always use a trusted third party for purchases on line.
3. Use secure passwords, and change those occasionally for the really important things like banking - I suspect you will only have a few to remember.
4. Don't store anything sensitive on your fondle-slab - use a secure browser to do your banking etc.
5. Most apps seem to be developed by 12 year olds, who have no idea of user acceptance testing, so don't ever give anything away to them, apart from a pack of lies.
6. Don't user GMail or Hotmaill addresses. They look unprofessional, and Google and Microsoft are allegedly notorious for blocking the wrong domains and snooping on your content. You have an ISP. They often supply more than one email address, so use everything they can let you have for free.
7. Trust no-one, Grasshopper.