Despite years of warnings, people continue to use the same username and password for multiple accounts. There is a move to other identification methods like multi-factor authentication and biometrics.
Have a “serious” browser and a “fun” browser. Keep them separate
Zach Jones, senior manager, Threat Research Center, WhiteHat Security:
Many attacks on users, including actual “hacks” and social engineering attacks, rely on the victim being already logged into some valuable website; your bank, for example. Social media and online advertising are great platforms for malicious actors to spread these attacks; however, if you’ve never accessed anything worthwhile in the browser that is being attacked, the exploit will fail. Install at least two modern browsers on your system. A “serious” browser should be set to automatically delete cookies, cache and other stored data every time it is opened or closed. It is also helpful to install some privacy plugins like ad, script, and active content (Java Applets/Flash) blockers. Only do “serious business”, things like accessing sensitive work websites and banking, in this browser, log out of the site, and then close the browser immediately. Have a second browser with all the nice conveniences for your fun online activities.