Of passwords and idiots

September 12, 2014

I'm no Apple fan and indeed I've laughed at the antics of many Apple disciples and the company itself, but Apple really had nothing to do with that whole sordid saga of leaked photographs. In another post, a friend I don't wish to name mistakenly believed that Google had been hacked because a huge number of idiots have compromised accounts thanks to their using the exact same passwords on a dozen different poorly managed sites. In both cases (Google and Apple), those affected had either:

1. Incredibly stupid and easy-to-guess passwords/hint questions; anybody who knows/follows these stars online knows the names of their pets, their dates of birth etc., and they should know better than to use such lame clues.
2. Used the same password in a dozen different places, many of them with questionable security policies. Ah, you've registered for a 'free access account' on some porno site and you've actually used the same password on it as you have for your Gmail account? If that site gets hacked, the attacker has a bunch of usernames and passwords, and they go around seeing if the users have been stupid enough to have used the same passwords elsewhere, and guess what? They get lucky very often.
3. Fallen victim to the oldest trick in the book: phishing. Don't click on any link in a mail supposedly sent by your local sysadmin or by Google or Facebook, in which you've been asked for your username, password and other details.

Here's where it gets scarier: once a cracker gets access to your email account, they can run rings all around you; they go to a different site and click on the 'Forgot password' link. Many, many sites simply send across a new password or a link to reset the password, by email, to the same compromised email account. Within minutes, they can control pretty much every account you have. Password management has indeed become an irritating chore, but don't take it lightly, unless you wish to be owned by somebody else.
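To check your own accounts for the first two failure modes above, and for whether the email account that receives every password reset is among them, here is a small self-audit. It is an added example, not part of the original post; the names `VAULT`, `PUBLIC_FACTS` and `audit` are hypothetical and all sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample data (site, password); not real credentials.
VAULT = [
    ("gmail", "Rex2009!"),
    ("free-forum.example", "Rex2009!"),
    ("shop.example", "rex2009"),
    ("bank.example", "v7#Lq9w!Tz3pXe"),
]
# Constructed facts a follower could learn: pet name, date of birth, home town.
PUBLIC_FACTS = ["Rex", "1985-03-14", "Springfield"]


def norm(text):
    """Lowercase and drop punctuation so trivial variants compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def fact_tokens(facts):
    """Expand facts into the substrings people tend to put in passwords."""
    tokens = set()
    for fact in facts:
        tokens.add(norm(fact))
        date = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", fact)
        if date:
            year, month, day = date.groups()
            tokens.update({year, month + day, day + month})
    return {t for t in tokens if len(t) >= 3}


def audit(vault, facts, email_site):
    """Report reuse and guessable passwords by site name only, never plaintext."""
    by_password = defaultdict(list)
    for site, password in vault:
        # Fall back to the raw value if normalising leaves nothing to compare.
        by_password[norm(password) or password].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    tokens = fact_tokens(facts)
    guessable = sorted(site for site, password in vault
                       if any(t in norm(password) for t in tokens))
    at_risk = {s for group in reused for s in group} | set(guessable)
    # The email account receives every reset link, so flag it separately.
    return {"reused": reused, "guessable": guessable,
            "email_exposed": email_site in at_risk}


if __name__ == "__main__":
    print(audit(VAULT, PUBLIC_FACTS, "gmail"))
```

Near-identical variants such as `Rex2009!` and `rex2009` are deliberately counted as the same password, since changing case or adding punctuation does not make a reused password distinct.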