Generally you should not let your Web browsers ( FireFox, Chrome, Safari, Opera, IE, Microsoft Edge, etc ) store your passwords, since passwords saved in web browsers can be revealed quite easily.
Enabling two-factor authentication is essential to web security as it neutralizes the risks associated with passwords being compromised. Even if the a password is compromised, hacked, guessed, or even phished, without approval with two-factor authentication, the password alone is of no use.
You can prevent brute force login attempts on your dedicated, cloud, VPS servers by installing a intrusion detection and prevention software such as Login Failure Daemon or Fail2Ban.
Unless it is a trusted source and you are able to verify the source, do not click the link in the message, as attackers use these messages to compromise your password by sending you to a fake login page where they intercept your data.
With social media, you may have limited your network to friends only. But did you limit your profile information? Generally people share their birthplace, pets names, favorite foods, etc on their social network profiles, and with this information, it is can be enough depending on the security questions used to unlock your accounts, and give the attacker full access.