Since never changing your password isn’t generally a realistic option, and some sites actually prevent you from using good passwords and, even better, passphrases, we’ve produced a number of articles and papers on the topic to help make it easier to follow good practice, even when your provider seems set on preventing it. Here they are as a list, to make it easier to follow.
I’ve just returned from Canterbury in the UK. One of the reasons I was there was to present a paper on malware naming at CFET 2009 (3rd International Conference on Cybercrime Forensics Education & Training). It was an excellent conference, and I’ll have more to say about that later (and the paper will be available shortly