Update your passwords at least about every six months. If you're one of those who uses the same password across multiple sites, use common sense. Obviously, passwords for banking should absolutely be different and unique. However, if you're an administrator or a moderator on a forum, those passwords should also be unique. Otherwise, if it's just small sites, like here—although, obviously, your license account password should be different—where you're just a member, it's not too big of a deal. If you feel you may have fallen for some phishing spam or even just end up on some spam site via a link, even if it turns out be nothing in the latter's case, run scans and then update passwords immediately. Use two-step authentication. Feel free to provide other security tips, and I'll add them to the list. Just thought this might be something fun to do.