@invisiblefunnel
Last active August 29, 2015 13:59

I use 1Password. The main thing it does is keep all your passwords in a central place and use browser extensions to fill in the fields. Not having to remember any of your passwords has the side benefit of freeing you up to use long, randomly generated strings of characters. This is significantly safer than a human-rememberable password.

The tradeoff is that the master password has to be really strong, but easy to recall, because you'll type it in each time your computer wakes from sleep (your master password should be entirely original and not a derivative). It also means that if someone had your master password - and the encrypted 1Password file - they would have all the passwords. I have chosen to make that tradeoff, and continue to be happy with it. The most important way to mitigate that risk is 2-factor authentication.

You should be using 2-factor authentication on every site that has the feature. The most important thing you can do at this moment is change your Gmail password and add 2-factor authentication if you haven't yet. Your primary email is the gateway to password resets.

To get started: remove any saved passwords (and delete cookies) from all your browsers; you don't need them. Turn off the browser option to save passwords. Install 1Password. Then whenever you go to a site and need to log in, do a password reset ("forgot my password") and use 1Password to set a randomly generated password and store it. Pretty soon you will be safe on the internet :).

The strategy I'm describing is very common and becoming more so. The 1Password iOS app is an awesome counterpart to the desktop app. Use iCloud or Dropbox to sync to your phone.
