Over at CSO Online, there’s a nice war story about tracking down and resetting 300 passwords.
I could pick nits at a few of his details, but that’s annoying and counterproductive. His overall advice is very good: manage your passwords, set them to something random, keep in mind that some sites just won’t allow for a very strong password, so do the best you can, and protect your main e-mail password and your password management system password with all the diligence you can muster.
It’s sound advice from a guy who’s done something that I admittedly have only barely started doing myself. I’ve reset my most important passwords and collected them into a password manager, but nowhere near all of them.
I think it is extremely important to use random passwords on most sites, because if you use a pattern, it may be possible to deduce your pattern if that password is breached, which then might allow someone to steal a more important account. Over the years I’ve registered at a large number of forums that most likely aren’t terribly diligent about their security. I have to assume those passwords will get stolen if someone ever bothers to try.
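An added example, not from this post or the CSO Online article: a generator that draws an independent random password for each site within that site's limits, using Python's `secrets` module, and reports how much strength a restrictive site costs you. The site names and policies are constructed for illustration.

```python
import math
import secrets
import string

# Constructed policies for illustration; real limits vary by site.
POLICIES = {
    "bank.example": {"length": 24, "symbols": "!@#$%^&*()-_=+"},
    "forum.example": {"length": 12, "symbols": ""},  # no symbols, short maximum
}

def char_classes(policy):
    """Character classes the policy allows; every one must appear in the result."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if policy["symbols"]:
        classes.append(policy["symbols"])
    return classes

def generate(policy):
    """Draw from the OS CSPRNG; redraw until each class appears at least once.

    Redrawing the whole string (rather than patching characters in) keeps the
    result uniform over all passwords the policy accepts, so nothing about one
    site's password helps an attacker guess another's.
    """
    classes = char_classes(policy)
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(policy["length"]))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def entropy_bits(policy):
    """Upper bound on strength: length * log2(alphabet size)."""
    alphabet_size = sum(len(cls) for cls in char_classes(policy))
    return policy["length"] * math.log2(alphabet_size)

if __name__ == "__main__":
    for site, policy in POLICIES.items():
        print(f"{site}: {generate(policy)}  (~{entropy_bits(policy):.0f} bits)")
```

The output belongs in the password manager rather than in your head; the restrictive forum policy still yields roughly 71 bits, against roughly 150 for the permissive one.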