Ironically, when I click on the link for haveibeenpwned.com I get:
"This site can’t provide a secure connection
haveibeenpwned.com uses an unsupported protocol.
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."
Hm, maybe your browser's settings have something off for HTTPS? when I opened haveibeenpwned.com/ on my end (Chrome) it loaded properly and automatically added that HTTPS prefix.
Change your passwords on a weekly/bi-weekly basis. There are apps that can do that for you but staying local is more secure. Don't forget you bank. I have 19 sites that need a password. It's a waste of time changing my security information that often. If that's too often then it's you that is choosing to get hacked.
There are anti-keylogging programs that can help avoid closer hack attacks.
An IVPN can help. While something like CyberGhost free can help paid services are usually more secure than free services. Security programs like AVG have integrated VPN trials which you can then upgrade.
Use disposable eMail account names whenever possible.
If your network is hardwired you can disable your Wi-Fi radios.