Online merchants and other supposedly secure websites can’t be relied on to keep your personal information safe. Even sites using decent security practices may have been compromised by the Heartbleed bug discovered earlier this year. If the bad guys scooped up your password, you’re in trouble. And if you used that same password at other sites, you’re really in trouble. You need to use a different strong password on every site, and you should change each one often. Unless you have an exceptional memory, the only practical way to do that is with a password manager.