We really need to take a new look at password use and standards. Those things that were thought to be good ideas may have been at the time, but this is no longer the case.
Do you use the same easy password for everything?
It doesn't matter if your password is easy, if it is the same as a compromised password. Every online account should have its own unique, complex, randomly generated password. Humans are not capable of random. We are also not capable of remembering the massive number of online passwords that are now required by our digital lives. A password manager is the only viable solution. Personally I use LastPass.
When was the last time you changed your passwords?
If your password has not been compromised there is no reason to change your passwords, provided they are complex and random. Changing a password only invalidates a compromised password; this is the reason for changing passwords. It does not provide any additional security.
How secure are they?
Provided the organization requiring the password allows it, they are 16 random characters. I'd make them 254 characters if they were allowed on the majority of sites. There is no reason for a limit on password length as passwords should be salted and hashed. Any password that can be recovered and sent to you is not secure.
In reality security questions, failure to protect your account from being compromised by social engineering, and failure to protect the user information entrusted to them, is more likely to compromise an account than your password. Your passwords now need to protect the rest of your accounts when a different account's information has been compromised.
Edited by Kilroy, 11 June 2014 - 03:50 PM.
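
The point in the post above about length limits, as an added example that is not part of Kilroy's post: a salted hash stores the same number of bytes for a 16-character password as for a 254-character one, and the original password cannot be recovered from it. The function names, the PBKDF2-HMAC-SHA256 choice and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: the site accepts letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
DIGEST_BYTES = 32


def generate_password(length=16):
    """Build a password from the OS CSPRNG, one character at a time."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn per password."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_BYTES
    )
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Re-derive the digest from the candidate and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    for length in (16, 254):
        pw = generate_password(length)
        salt, digest = hash_password(pw)
        # The stored record is salt + digest: 48 bytes for either length.
        print(length, "chars ->", len(salt) + len(digest), "bytes stored")
        print("  correct password verifies:", verify_password(pw, salt, digest))
        print("  truncated password verifies:", verify_password(pw[:-1], salt, digest))
```
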