Many venues still use the "secret answer" method as an alternate means of identification for recovering accounts and even, as one banking site I use, in conjunction with the username/password for logging on to the account.  

In such situations, caution needs to be exercised, particularly if you are active in social networking sites, such as Facebook.  "Mother's Maiden Name", "Name of First Born", "Name of Pet", "Name of High School", etc., is all information easilly accessible, particularly if your privacy settings are not locked down or if you participate in games, which have access toy our profile informatio.

Thus, using easily determined information as your secret answer, is not advised.  Instead, for sites that still use such common personal information, use consistent false information that you will remember. 

Pwned List - pwned emails + usernames discovered!

PwnedList is a tool that allows an average person to check if their accounts have been compromised. No passwords are stored in our database. You can read more about where our data comes from here. Just enter an email address or username associated with any of your accounts to see if it's on our list. Data entered is not stored, re-used, or given to any third parties. Don't trust us? You can also use a SHA-512 hash of your email/username as input. Just don't forget to lowercase all characters first.

Continued here: https://pwnedlist.com/

You may also check this resource: http://www.microsoft.com/security/online-privacy/passwords-create.aspx

You can also test if you have a strong password from this link: https://www.microsoft.com/security/pc-security/password-checker.aspx

I might just add that many passwords are associated with people, pets and events in our personal lives so being liberal with too much personal information can compromise your passwords as well.

Podcast: Busting Password Myths

In this episode, entitled Busting Password Myths, Paul Ducklin and Chester Wisniewski take a look at the thorny issue of password rules and regulations. The content of the show is based around a very popular presentation given by Chester at the recent RSA 2012 conference.

http://nakedsecurity.sophos.com/2012/03/11/busting-password-myths/

New article by David Harley at ESET:

Passwords and PINs: the worst choices

At a time when password breaches like the one at LinkedIn are once more making the news, there's plenty of good advice around about how to select a strong password as opposed to the sort of stereotyped easy-to-remember-but-stupendously-easy-to-guess password that turns up again and again in dumped lists of hacked passwords. So if your favourite, much-used password (or something very like it) is in the following list, it might be a good idea to stop reading this now, go to the link on how to select a strong password and use it as a basis for changing all your passwords to something safer (then come back and think about the PINs you use). The list is abstracted from one compiled by Mark Burnett, representing the most-used passwords in a data set of around 6 million.

Continued here: http://blog.eset.com/2012/06/07/passwords-and-pins-the-worst-choices