If you're both using >12 character passwords with numbers, upper/lower case and special characters then the hacking didn't happen by brute force or guessing. Your password was more likely stolen from another website and then used here. 12 characters password with numbers, letters, upper/lower and special characters would take year to 'guess'. Too hard. They'd go after someone else. This means you used th same password elsewhere, which is a no no.

I use LastPass. One very strong password to remember. And then I can use the toughest unique passwords all around the web. I strongly advise everyone to use them or someone similar.