Ideally, having a different password for each site, and remembering them in your head would be best. But honestly, in a world where each website has a different, highly specific, password policy, it is hard to keep them all in mind. For Windows, KeePass is my favourite solution as a password management tool - simple, sturdy, no-bs kind of software. Whenever possible, I also aus two factor auth, to keep as safe as possible.