It's a pain to remember passwords and change them all the time. That is why many people don't have good passwords or a routine where to change them. Some sites force you to change them which cause complaints and restarts the cycle of easy-to-guess passwords or Post-it notes beside monitors. With the massive and scary Heartbleed security breach it's a reminder that you shouldn't wait to make things more secure.
One of the best Heartbleed explanations is from XKCD which shows how someone can exploit the bug and get all sorts of information that they shouldn't be able to. With access to a username and password someone can get into your accounts. So if you've stored your credit card info to make things easier, someone can buy stuff using your account. They could post things or use that account to get other information or change the identity that is there.
While it's important to be up to date with all of the standard security measures, most of us aren't. There are things that I haven't done because I didn't have time, but now it's time to get serious. The first thing to do is to turn on two-factor authentication wherever you can. You already do this with some things. Having a PIN number with your bank card works that way. You need the card and the PIN to be able to log in. Online, the most common two factors are a password and a text message. When you log in to a site a text message is sent to your phone and on the site you type in the number that was sent. In that case someone would need your username, password and phone to log in. Not all sites have two-factor authentication, but if they do you should turn it on today. That improves the security of what you do online dramatically.
The password challenge is still the biggest factor and the biggest pain. Sometimes when creating an account on a new site you are in a rush and just want to get it done, so you use the same password or a simple password. That's a weak link. If you repeat a password it makes it a lot easier for someone to get into all the accounts that you have, so you need to have different passwords for everything. In the early days of my internet use I had a little black notebook where I wrote down the IP addresses of the sites I visited (this was before the web and DNS) along with the usernames and passwords for each site. Now I use 1Password from Agilebits. It's on my MacBook Pro, my iPhone, and my iPad. It securely stores all of my usernames and passwords and it can generate secure passwords too. That means it can make passwords that are safe and keep track of them. The desktop version also allows you to do a security audit to let you know which passwords are weak, which are duplicates, and which ones are older. The great thing is that you don't even need to remember them as you can copy and paste them when you log in.
1Password is cross-platform with Windows and Android versions along with browser plug-ins, so you can easily capture, retrieve, save, and generate new passwords wherever you are. You can store notes and other information in it securely as well. I keep track of the information and serial numbers for software that I have purchased in there. It makes everything much easier. The mobile version for iPhone and iPad has a great web browser that gives you access to your usernames and passwords on the go, so you don't even need to copy and paste on your phone.
While it takes time to set all of this up, it is time well spent. Now is the time to get serious about security and to make sure that you're safe. It's a pain to have to do it, but it's much better than having to try and recover your accounts or explain that your account was hacked. Lock it up safely and securely to make the online world a better place.