When I used to interview hackers for a living, I would go home and do the equivalent of showering after talking to a mass murderer or rapist: I'd immediately change all my passwords.
An article in the New York Times about poor password protection should alarm anyone who values their privacy or money -- especially if you use Facebook and MySpace since a company apparently unknowingly gave up the goods on 32 million users. The data were analyzed by good guys to find out what passwords people used. Sadly, they are the same ones used 15 years ago.
Simple Passwords Remain Popular, Despite Risk of Hacking
In the article, one of the industry's best-known hackers explains why we keep using poor passwords: information overload. He recommends that you maintain at least two passwords in your head. One can be semi-easy for stuff you don't necessarily care to protect; the other should be difficult and used for anything involving online banking or e-commerce. The standard is to create an alphanumeric expression that is at least 8 characters long and doesn't spell anything you'd find in a dictionary or follow a common numeric pattern (like 123456). Use of symbols such as $ and ! is also encouraged.
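As an added illustration (not from the post or the NYT article), here is a small Python checker that encodes exactly the rules above: minimum length 8, both letters and digits, no dictionary word (even when padded with digits or symbols), no common numeric pattern, and a symbol recommended but not required. The common-password list and the mini-dictionary are constructed stand-ins for a real wordlist.

```python
import string

# Constructed sample in the spirit of the "same passwords as 15 years ago"
# finding; the actual list analyzed in the article is not reproduced here.
COMMON_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou",
                    "princess", "rockyou", "abc123", "qwerty", "letmein"}

# Constructed mini-dictionary standing in for a full wordlist (assumption).
DICTIONARY_WORDS = {"password", "monkey", "dragon", "sunshine", "football",
                    "welcome", "master", "princess", "letmein", "iloveyou"}

MIN_LENGTH = 8


def is_sequential_digits(pw: str) -> bool:
    """True if pw is purely digits counting up or down by one (123456, 654321)."""
    if not pw.isdigit() or len(pw) < 2:
        return False
    diffs = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return diffs == {1} or diffs == {-1}


def is_repeated_char(pw: str) -> bool:
    """True if pw is one character repeated (111111, aaaaaaaa)."""
    return len(pw) > 0 and len(set(pw)) == 1


def check_password(pw: str):
    """Apply the policy from the article.

    Returns (errors, warnings): errors are hard failures, warnings are the
    'encouraged but not required' points such as a missing symbol.
    """
    errors, warnings = [], []

    if len(pw) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")

    if pw.lower() in COMMON_PASSWORDS:
        errors.append("appears on the common-password list")

    # Drop digits and symbols so that "Password1!" is still caught as a
    # dictionary word with decoration around it.
    letters_only = "".join(c for c in pw.lower() if c.isalpha())
    if letters_only in DICTIONARY_WORDS:
        errors.append("is a dictionary word (possibly padded with digits/symbols)")

    if is_sequential_digits(pw) or is_repeated_char(pw):
        errors.append("follows a common numeric pattern")

    has_alpha = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    if not (has_alpha and has_digit):
        errors.append("not alphanumeric (needs both letters and digits)")

    if not any(c in string.punctuation for c in pw):
        warnings.append("no symbol such as $ or ! (recommended)")

    return errors, warnings


def passes_policy(pw: str) -> bool:
    """Convenience wrapper: True when there are no hard errors."""
    errors, _ = check_password(pw)
    return not errors


if __name__ == "__main__":
    # Constructed sample inputs, including the post's own example password.
    for candidate in ["123456", "Password1", "bp!ogu23xv"]:
        errs, warns = check_password(candidate)
        verdict = "OK" if not errs else "REJECT"
        print(f"{candidate!r}: {verdict} errors={errs} warnings={warns}")
```

Running the block prints a verdict per constructed sample: the six-digit sequence fails on several counts, "Password1" fails only because stripping the digit leaves a dictionary word, and the post's own ten-character example passes with no warnings.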
Some particularly sensitive programs require you to change your password every 45 days or so. What I do to keep it simple is just exchange a lowercase letter with an uppercase one so that the pattern is the same but the computer sees it as a different password altogether. For instance, if I had been using bp!ogu23xv, I'd next use Bp!ogu23xv. Then BP!ogu23xv, etc., etc. If nothing else, it buys you time.
Here's a cool graphic you'll need to enlarge by clicking on it. It's from the NYT, too.