Mike's PC Tips and Tricks (my opinions -- your mileage may vary)
Password tips

--Don't use one password for everything.  That's dumb. You'll be sorry.

--Whenever possible, use two-factor authentication so you're not dependent just on a pw.  Here is Google's system, for example.  The same goes for Facebook, Twitter, your bank, your brokerage, etc.  If a site offers two-factor authentication, use it.

--Don't use a simple variation on different sites.  If I get hold of your Target pw and it's "target123", what do you think my first guess will be for your Walmart pw?

--Use a reputable password vault, like RoboForm.  Are you taking a leap of faith that the software author did not write a backdoor into the software?  Sure.  But, look at it this way: a) You should assume that nothing is really totally secure, b) The software author chose to write software to make a living because he or she doesn't like the idea of running from the law, and c) If your life depends on a pw, it should be stored only in your head.

--If the government wants your pw, they have the computing power and the subpoena power to get it.  So, don't worry about it.  Your concern is everyone else.  A password vault will do ya.

--Picking a good password is easy.  Make it long, make sure a dictionary is useless as a tool to crack it, use upper and lower case and numbers and special characters.  If you're using something like RoboForm, make your master pw brutal so a shoulder surfer doesn't have a prayer of memorizing it.  You'll get used to typing it.  For individual passwords, let your password manager automagically generate them.  Make 'em as long as the site allows (although maybe take it easy if you're making a pw you may have to one day type in manually, say, from your phone).  The four long random words tip provided by xkcd is great advice for a password you have to type in manually -- but, a special character or two and a couple of numbers can't hurt.  Dictionary cracks still scare me. 

--RoboForm (and perhaps the others) has smartphone apps that sync with your desktop cache of stored passwords.  The cache is stored in encrypted form in the cloud, and the password files can be decrypted on your phone as you need them.  You can't copy and paste from the iPhone RoboForm app into another app 100% of the time -- so n.b. the tip above about not making any pw you may have to type in manually too long.  Been there, done that.
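
For the "four random words plus a couple of numbers and a special character" tip above, here is a small generator with an entropy estimate. It is an added example, not something from a password manager; the word list, symbol set and function names are made up for illustration, and the estimate assumes the attacker knows both the scheme and the word list (the dictionary-crack case).

```python
import math
import secrets

# Constructed sample list, for demonstration only. With 16 words each word
# adds just 4 bits; real use needs a list with thousands of words.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "lantern", "orbit", "velvet",
    "canyon", "pickle", "thunder", "meadow", "granite", "whisper", "tunnel",
    "saddle", "copper",
]
SYMBOLS = "!@#$%^&*-_=+?"
DIGITS = "0123456789"


def make_passphrase(words, n_words=4, n_digits=2, n_symbols=1, sep="-"):
    """Build word-word-Word-word12! using the OS CSPRNG (secrets, not random)."""
    if n_words < 1 or len(set(words)) != len(words):
        raise ValueError("need at least one word and a duplicate-free list")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    # Capitalise one randomly chosen word so the result has mixed case.
    i = secrets.randbelow(n_words)
    chosen[i] = chosen[i].capitalize()
    tail = "".join(secrets.choice(DIGITS) for _ in range(n_digits))
    tail += "".join(secrets.choice(SYMBOLS) for _ in range(n_symbols))
    return sep.join(chosen) + tail


def entropy_bits(list_size, n_words=4, n_digits=2, n_symbols=1):
    """Bits of entropy when the attacker knows the scheme and the word list."""
    return (n_words * math.log2(list_size)       # the words themselves
            + math.log2(n_words)                 # which word is capitalised
            + n_digits * math.log2(len(DIGITS))
            + n_symbols * math.log2(len(SYMBOLS)))


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5}-word list: {entropy_bits(size):.1f} bits")
```

The length of the word list matters far more than the extra digits and symbol: the numbers and special character add about 10 bits, while going from a 16-word list to a 2048-word list adds 28.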