Are Passwords Problematic?
According to CNET, "eight-or-more-character passwords still dominate Web service log-ins." However, "many Internet users continue to use easy-to-guess passwords like "123456," "qwerty," or their first names." Clearly, we are all so used to passwords that we tend to be lax with them.
Passwords can be compromised in a variety of ways: keystroke logger on your computer; social engineering (simply, where one strikes-up a conversation with you in the hopes of getting you to reveal answers to security questions presented by many websites); information compromise, and the like.
So, what should one do? Long and complex passwords, different passwords for different sites and services, and, I think above all, be vigilant. Use one of the applications that CNET's article talks about.
Sometimes, server administrators themselves make it tough for users. Requiring users to change passwords very often results in users writing passwords on sticky notes and pasting them under the desk or behind their monitor! Users also begin using passwords like lastmonthpassword01, lastmonthpassword02, 03 . . . and so on!