What kind of credit card only has a 2 month review limit?
Was it a debit card?
First thing you should do is switch to a company with more robust fraud protection.
as far as passwords go... try doing something like
or an anagram with numbers tagged on
timpw19 (this is my password 19)
Those should all be easy to remember but hard to hack.
Of course.. if you get a key logger installed it doesn't matter how good your password is.
Also, sometimes what hackers do is hack into an unrelated site that doesn't secure their passwords. This happened to me (I think).
I registered for a phpbb forum and phpbb does not encrypt passwords in the database (or they didn't at that time, they might now). I used the same email & password I use at paypal... whoops my account is hacked, despite the fact that my password was alphanumeric.
So, when the software being used is something I know encrypts passwords, like vbulletin does, I don't worry, but when its unknown software I never use my "secure" passwords.