"You should avoid common names, pets' names, favorite sports team or anything that could be gleaned from your Facebook profile," said Mike Prospero, reviews editor at Tom's Guide, a tech news site that covers computer and mobile security.
Web users should have a different password for each site or app they log into, according to Prospero, who suggests thinking of a memorable phrase and using the first letters of each word in that phrase as a password.
But if that's too complicated, or you have too many passwords to remember, there are a number of password managers to choose from.
For instance, LastPass, which stores your passwords as well as credit card, driver's license and insurance information, can be downloaded free, but unlimited mobile access to the service costs $12 per year.
1Password, which aims to be a "digital wallet" of sorts, stores credit card information, passwords for websites and apps and more, which can be organized in folders and categorized with tags. That service will set you back $50 for Mac or Windows computers and $18 for iOS devices.
Dashlane is like a digital wallet stuffed with receipts. It stores credit card information, screenshots and other records of your purchases, and when it thinks your passwords aren't strong enough, it'll encourage you to improve them. The free version of Dashlane doesn't let you sync across devices. For that, you'll have to pay $30 per year.
—By CNBC's Althea Chang.