I would recommend using LastPass as a password manager. Here is some advice I recently wrote up on passwords. With regard to Heartbleed, the Security Check that LastPass offers will help with that in terms of notifying you of the sites that you should change your passwords on since they were vulnerable to Heartbleed, but really all sites could be vulnerable to it, so I would recommend changing all your passwords fairly frequently over the next few months.

As long as the password is not contained within a list of commonly used words and isn't in the dictionary, length is the most important thing. The second most important thing, I would say, is using the widest variety of characters possible, including lowercase letters, uppercase letters, numbers, and special characters. You want to generate a secure password from a password generator such as GRC's Password Generator. I always generate my passwords to be 50+ characters, but everything over 15+ characters will be fine. Also, make sure you change your passwords every 3 months and don't share your password with anyone.

Lastly, store your passwords securely using a password manager such as LastPass (https://lastpass.com/). You should have a strong master password with LastPass and use two-factor authentication. You should also use two-factor authentication with all of your other accounts that offer it. If a site requires a secret question, make sure the answer to that question is one no one else would know, or make it a password or phrase that you would remember. Don't reuse passwords on other things as well (only use the same password once).

Make sure when you are logging in that the site is using HTTPS (the browser add-on HTTPS Everywhere can help with that) and you aren't logging in from a public network such as from Starbucks. Even if you are logging in from a private network, I recommend using a VPN that uses encryption such as proXPN.
For your home or office network that you are logging in from, make sure it is using WPA2 encryption, it has a random network name and a secure password, you have changed the default credentials for the network settings to something secure, you have disabled WPS, etc. That is all I can think of right now in terms of password security, but those are the main things that you should focus on in terms of secure passwords.
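
The generation rules in the post above (random, long, all four character classes, not a commonly used password), as an added example that is not part of the original post. The function names, the 15-character minimum as a hard cutoff, and the tiny `COMMON` set are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the post: lowercase, uppercase, numbers, special.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters

# Constructed sample of commonly used passwords; a real check needs a full list.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def has_all_classes(password):
    """True when the password contains at least one character from each class."""
    return all(any(c in cls for c in password) for cls in CLASSES)


def generate_password(length=50):
    """Return a random password of the given length with every class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def is_acceptable(password, min_length=15):
    """Reject common passwords, short passwords, and missing character classes."""
    if password.lower() in COMMON or len(password) < min_length:
        return False
    return has_all_classes(password)


if __name__ == "__main__":
    print(generate_password())
    # Length versus variety: 15 random lowercase letters carry more entropy
    # than 8 random characters drawn from all 94.
    print(round(entropy_bits(15, 26), 1), round(entropy_bits(8, 94), 1))
```

The entropy comparison shows why the post ranks length ahead of character variety: adding characters grows the search space faster than widening the alphabet.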