Most of us have a lot of passwords now. I wouldn't even hazard a guess as to how many passwords I have for various websites. There's a great temptation to use the same password for several sites. Experts will tell you that this is wrong, and it is. But most of us have a generic password for sites that don't matter and hold no personal data, like online newspaper registrations. A surprising number of people just use password recovery every time for sites they only access occasionally.
But many passwords absolutely have to be secure, such as online banking, every computer workstation, any site holding your client information, web-based e-mail and any site where you have or might use a credit card (even if you didn't have the site save any info).
The best way to keep your passwords secure is to use a dedicated password manager like Roboform. Lifehacker has a post on the five best password managers here. Hopefully no one still keeps their passwords on Post-it notes by their computer, and hopefully everyone understands that a password simply cannot be a word that is found in the dictionary. (Brute-force dictionary password cracker tools are pretty easy to locate.) But a lot of people still keep a written list or a file on their computer. If you do that, I urge you not to write down the entire password there. End them all with something like 3W$ and never write that last part down.
But a lot of non-dictionary passwords are common and easy to guess, such as pets or children's names. Star Trek fans like NCC1701 as a password and there are a lot of Star Trek fans. Here's a site listing the 500 Worst Passwords of all Time, but be warned that a lot of those common bad passwords are obscene words.
If you are still puzzling over proper passwords, here's a nice online feature on choosing good and bad passwords. But for most lawyers, a password manager is the way to go, with a copy on your computer and a copy on a flash drive for remote access.
One great weakness in the system is online password recovery tools with their standard questions to prove you are you. Remember when the guy cracked Sarah Palin's Yahoo e-mail? She chose the recovery question "where did you meet your true love?" and the fact that she met her husband in high school was all over the Internet. Pretty easy crack for even a beginner hacker. A lot of people choose "mother's maiden name" for their recovery question. Well, between genealogy sites and online obituaries, that is pretty easy information to discover online. In fact, when I am trying to figure out how to locate contact information for a woman who changed her name when she married, I search for her maiden name (no quotes) and the word obituary to find her current name.
So no disrespect to your mother is intended, but you should probably come up with a fictional maiden name like tbiff339$ and go change that security answer in all of your webmail accounts and others with personal or important information to that name.
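As an added illustration (not code from the original post) of two points above: why a "non-dictionary" password like NCC1701 or a pet's name with digits tacked on still falls quickly, and how to make up a recovery answer in the spirit of tbiff339$. The banned list below is a small constructed sample standing in for a real "worst passwords" list; the function and variable names are my own.

```python
import re
import secrets
import string

# Constructed sample of a "worst passwords" style list. A real check would
# load a full list (e.g. the 500 worst linked above) into this set.
COMMON_BAD = {
    "password", "123456", "qwerty", "letmein", "ncc1701", "fluffy",
    "trustno1", "welcome", "monkey", "dragon",
}

# Cheap substitutions crackers try first ("P@ssw0rd" -> "password").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password):
    """Collapse the variations a cracker tries almost for free: case,
    a trailing run of digits/symbols ("Fluffy123!"), and leet spelling."""
    p = password.lower()
    p = re.sub(r"[\d\W_]+$", "", p)  # strip trailing digits/punctuation
    return p.translate(LEET)


def weakness(password, banned=COMMON_BAD, min_length=12):
    """Return the reasons a password is weak; an empty list means it passed."""
    reasons = []
    if len(password) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    if password.lower() in banned:
        reasons.append("appears verbatim on the common-password list")
    elif normalize(password) in banned:
        reasons.append("is a trivial variation of a common password")
    return reasons


def random_recovery_answer(length=12):
    """A made-up 'maiden name' answer built from the OS CSPRNG, so it is
    not something a genealogy site or obituary can reveal."""
    alphabet = string.ascii_letters + string.digits + "$%&*!?"
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["NCC1701", "Fluffy123!", "P@ssw0rd", "correct horse battery staple"]:
        print(candidate, "->", weakness(candidate) or "ok")
    print("recovery answer:", random_recovery_answer())
```

Store the generated recovery answer in the password manager alongside the password; it only helps if it is never written on the list with the rest.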