I recently read about the attack on wikia (thanks to penguin) and it led me to come up with some really handy tips for handling your passwords. Hopefully you guys will learn a bit from it! Make sure that you leave your own tips in the comments down below if you know any that are not mentioned. =)
Change your passwords on a regular basis
Even though it is annoying to do, change your password once in a while. It will not by itself stop your account from being hacked, but it limits the damage of smaller incidents and shortens the window in which a password obtained through e.g. a keylogger or an old breach stays useful. Note that current guidance (NIST SP 800-63B) no longer asks for changing passwords on a fixed schedule; what matters most is changing a password immediately when you suspect it has leaked, and doing so from a machine you trust.
Never cross-use passwords
Never use the same password for different online services. For example, when you give up your email address (even if it's not your username), never use your email's password on that site. Why? Because you cannot tell whether a web service stores its passwords securely (salted and hashed with a slow algorithm) or in plaintext or as a fast unsalted hash. If even one badly secured site is hacked, its leaked password list gets tried against every other service tied to your email address (so-called credential stuffing), and all your related accounts fall at once.
Even though slight variations are a bit safer than exact reuse, attackers derive mangling rules (append a digit, swap a letter) from leaked lists, so it is still recommended to use a completely new password for each service.
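To make "stored securely" concrete, here is an added example (written for this page, not code from wikia or any real site) that stores the same constructed user table three ways, then plays the attacker who got hold of the leaked table and runs a small wordlist against it. The users, passwords, wordlist and the scrypt parameters are all assumptions for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# scrypt work factor (hypothetical choice for the example; 16 MiB of memory per guess)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def store_plaintext(password: str) -> str:
    """The worst case: the site keeps the password exactly as typed."""
    return password


def store_md5(password: str) -> str:
    """Unsalted fast hash: every user with the same password gets the same
    hash, and one precomputed table cracks the whole leaked list."""
    return hashlib.md5(password.encode()).hexdigest()


def store_scrypt(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus a memory-hard KDF: a table built for one
    user is useless for the next, and each guess costs real time and RAM."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify_scrypt(password: str, stored: str) -> bool:
    """Login check for the scrypt scheme, with a constant-time compare."""
    _, salt_hex, key_hex = stored.split("$")
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def crack_leak(leaked: Dict[str, str], wordlist: List[str], scheme: str) -> Dict[str, str]:
    """What an attacker does with a leaked user table: recover as many
    passwords as possible to try on other sites (credential stuffing).
    Returns {username: recovered_password}."""
    if scheme == "plaintext":
        return dict(leaked)                      # nothing to crack at all
    if scheme == "md5":
        table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
        return {user: h_val for user, h in leaked.items()
                if (h_val := table.get(h)) is not None}
    if scheme == "scrypt":
        found = {}
        for user, stored in leaked.items():      # no shared table: every
            for word in wordlist:                # (user, word) pair is a full KDF run
                if verify_scrypt(word, stored):
                    found[user] = word
                    break
        return found
    raise ValueError(f"unknown scheme {scheme!r}")


if __name__ == "__main__":
    # Constructed sample users; "Tr0ub4dor&3" stands in for a password that
    # is not in the attacker's wordlist.
    users = {"alice": "chocolate", "bob": "qwerty", "carol": "Tr0ub4dor&3"}
    wordlist = ["123456", "password", "qwerty", "chocolate", "letmein", "dragon"]
    for scheme, store in [("plaintext", store_plaintext),
                          ("md5", store_md5), ("scrypt", store_scrypt)]:
        leaked = {u: store(p) for u, p in users.items()}
        print(scheme, "->", crack_leak(leaked, wordlist, scheme))
```

Two things to notice when you run it: the plaintext and MD5 tables give up alice and bob instantly (and the MD5 table would do so for a million users just as fast, one lookup each), while the scrypt table forces the attacker to pay a full key derivation per guess per user. But scrypt still recovers "chocolate" and "qwerty" eventually; good server-side storage buys time, it does not rescue a password that is in every wordlist.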
Prefer long simple passwords over short complicated ones
They always tell you to use a password of at least 8 characters. That was perfectly OK in 2010. Nowadays an 8-character password is cracked in a matter of hours if the site stored it with a fast hash: 95 printable characters to the power 8 is about 6.6 × 10^15 combinations, and a GPU rig trying tens of billions of MD5 or NTLM guesses per second gets through that in well under a day. A password of around 12 characters is still reasonably safe, but might share the 8-character password's fate in a few years.
A long but easy-to-remember password is safer than a short hard one. Brute forcing simply tries all possible passwords, so length matters far more than odd characters: a hard password like k1F-13fg will be cracked in a few days at those rates, whilst ilovechocolatemuffinsthatarebakedinafreshoven (even though it is relatively easy to remember) will practically never be found by exhaustive search.
Make sure when you use 'simple' words that you glue at least 4-5 words together. If the attacker guesses from a dictionary of 5,000 basic words, five words give 5,000^5 = 3,125,000,000,000,000,000 (about 3.1 × 10^18) combinations to work through, against only 5,000^3 = 125,000,000,000 (1.25 × 10^11) for a three-word sentence like ilovecake. That count only holds if the words are picked at random (e.g. with dice or a password manager); a grammatical sentence or a song lyric is far easier to guess because cracking tools also try phrase lists. Adding random characters and capital letters increases the search space further.
For the real nerds among us who want to remember 128 random characters: feel free to do so.
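The arithmetic above, carried a bit further as an added example (not from the original post): it computes the search space and entropy for the page's own cases, turns them into expected cracking times at two assumed guess rates, and generates a passphrase the right way, with the OS random number generator rather than by picking words you like. The guess rates, the mini word list and the labels are assumptions for the illustration; a real word list has thousands of entries.

```python
import math
import secrets
from typing import List

# Rough guess rates in guesses per second, assumed for the example, not measured:
# a GPU rig against a fast unsalted hash (MD5/NTLM) vs. against a slow KDF.
RATE_FAST_HASH = 1e11
RATE_SLOW_KDF = 1e5


def search_space(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive attack must cover.
    Character password: alphabet_size = characters in use, length = chars.
    Random passphrase:  alphabet_size = words in the list, length = words."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    return math.log2(space)


def expected_crack_seconds(space: int, guesses_per_second: float) -> float:
    """On average the attacker finds the password halfway through the space."""
    return space / 2 / guesses_per_second


def human_time(seconds: float) -> str:
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def generate_passphrase(wordlist: List[str], n_words: int, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG, never with random.choice or by hand:
    the strength estimate above only holds for uniformly random picks."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    # Constructed mini word list (8 words = only 3 bits per word); a real
    # list such as a 5,000 or 7,776-word diceware list gives 12-13 bits per word.
    words = ["muffin", "oven", "fresh", "chocolate",
             "bicycle", "lantern", "river", "pencil"]
    print("passphrase:", generate_passphrase(words, 5))
    cases = [
        ("8 chars, full keyboard (k1F-13fg)", search_space(95, 8)),
        ("3 words of 5,000 (ilovecake)", search_space(5000, 3)),
        ("5 random words of 5,000", search_space(5000, 5)),
        ("12 chars, full keyboard", search_space(95, 12)),
    ]
    for label, space in cases:
        print(f"{label}: {entropy_bits(space):.0f} bits, "
              f"fast hash: {human_time(expected_crack_seconds(space, RATE_FAST_HASH))}, "
              f"slow KDF: {human_time(expected_crack_seconds(space, RATE_SLOW_KDF))}")
```

The output makes the caveat visible: five random words from a 5,000-word list are about 61 bits, which is out of reach behind a slow KDF but only about half a year for the assumed GPU rig against an unsalted fast hash, so against a site whose storage you cannot vouch for, use six or more words or a bigger list. A 12-character random keyboard password (about 79 bits) is well beyond both.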
Store your passwords, but safely
Everyone forgets their passwords from time to time and it certainly isn't a bad thing to store them somewhere. If you write them down on paper, keep the paper out of sight (a locked drawer, not a sticky note on the monitor). If you store them digitally, use a password manager: it keeps the whole list encrypted with a key derived from one strong master password, so a copied vault file is useless without it. Assume that your computer may carry malware your McAfee or Avast does not recognise, and that a fake wifi hotspot can help an attacker get onto your machine; a plain text file of passwords is the first thing they would take. So safety first; make sure everything is well protected.
Never, never, never, never give away your password
Even in places you don't necessarily think about! Websites like howsecureismypassword.net are a nice way to test password strength, but you never know whether they store what you type, so test with a similar-looking made-up password, not the real one. Never put passwords in emails. Never give them to your friends. Never let your friends watch how you type your password. Never google them (the query ends up in your search history). Never enter them in any form other than the login form. Never enter them when a fishy mail asks you to. Only type a password into the real login page, in the masked password field (the one showing dots), after checking the address bar.
Have a good virus scanner
What does this have to do with passwords? Viruses (keyloggers in this case) record every key you type. If one captures gmail.c[ENTER]pr[TAB]12kkdfja93ro[ENTER], it is immediately obvious to the attacker that your password is 12kkdfja93ro (which is otherwise quite a good password: it takes about 37 years to guess). Today's malware is cleverer than ever and will get past a lot of (even good) anti-virus software, so treat the scanner as one layer, not a guarantee; where a site offers two-factor authentication, turn it on, because a captured password alone is then not enough.
Safe internet connection!
Never use your passwords on public wifi (or at least not on busy spots like a McDonalds)! It is extremely easy for hackers to set up a rogue access point that looks just like the real one (an 'evil twin'). Everything on such a network is controlled by the attacker, who can read all traffic that goes through it, including your password if the site does not use HTTPS, and who can try to steer you onto a fake login page even if it does. Even networks that aren't set up by hackers may log all traffic.
Just don't be obvious
Don't use friends' names. Don't use your dog's name. Don't use your cat's name. Don't use whatever flippin' thing is close to you. (Also don't use plain dictionary words like chocolate or keyboard patterns like qwerty or 123456. That just won't do... They are the first entries in every cracking wordlist.)
Don't leave your pages open
When you're logged in, make sure you also log out (or return to the user select / lock screen). People in the vicinity might sneak in and change your password or your recovery email address, and a still-valid session on a shared machine is as good as the password itself.