Depending on your degree of paranoia, technical expertise, and tolerance for inconvenience:
Simple: always browse in porn mode (my term for browsing InPrivate/Incognito/whatever mode leaves no local record). Minor inconvenience, minor tracking win. Cookies and cached credentials shouldn’t survive your current session.
Simple: Use a convenient password vault like LastPass. Allows use of different strong passwords across many locations with browser integration. Much more secure than using a single password everywhere, but you are taking a big dependency on their password cloud storage. I use this for personal things of low value, say <$50 exposure in case of a breach.
Medium: Use a more secure password vault on a physical thumb drive. Something like KeePass, maybe. You eliminate the dependency on a third party service and substitute it with ownership of a physical token (the thumb drive). Folks I know with much more reason to be paranoid than i have use this method. Backup management of the password database is important.
Complex: Recreate your work environment on a regular (daily) basis using virtual machines. Never access the internet or email from a real, physical (host) machine. This requires some expertise with image creation and management, but it gives potentially huge wins re:exposure. Bugs that allow escape from a virtual machine environment are rare and handled at the highest priority. A hacked vm can be reimaged in a couple minutes and sensitive data can live on the host machine, safely out of the vm’s reach except when you genuinely need to risk it. This is the most paranoid solution I’ve run across, and also the least convenient.