Generate a unique password for every account that contains any personally identifying information about you. Change your password at least once every six months, and more often for your most sensitive accounts or after you’ve used a network you don’t trust. Change your password immediately if you learn the site it’s used to access has been breached. When signing in to websites, try to use a login URL that begins with “https.
Ars Technica