Evernote, a popular piece of note-taking software and one that this site highlights, has been hacked. See http://blog.evernote.com/

No client notes have been stolen, and the vibe from the internet is that Evernote have handled it well (compared with other high-profile cases such as Twitter and LinkedIn): the attack was detected and all clients were alerted via many different channels. The stolen passwords are encrypted, hashed and salted, but to be safe Evernote enforced a password change across all 50 million+ users.

Security is never more important than when something goes wrong, and it is clear why each website should have a different password.

Then you need an encrypted way of keeping the multitude of (strong/long) passwords. We use KeePass and synchronise across the office via Dropbox.

However, any password is potentially hackable. So I would urge all readers, particularly in financial services, to use 2-factor authentication wherever possible. Google, Dropbox and a number of others have it available but often do not promote it heavily. It tends to be a hidden option. Evernote is rumoured to be accelerating their launch of 2-step verification.

In brief, as well as entering a username and password, you will also receive a code by text message to your phone, and this needs entering to first access the site. Cookies allow a machine to be marked as safe (in Google's case for 30 days) before a new code is needed.

But the key thing is that unknown computers, potentially belonging to a hacker, do need the code. And they don't have your phone (hopefully!).
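
For readers who run a site themselves, here is how the "safe machine" cookie described above can be checked on the server. This is an added example, not Evernote's or Google's code; the function names, the cookie layout and the server key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TRUST_SECONDS = 30 * 24 * 3600        # 30 days, the Google figure quoted above
SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the site


def _tag(payload):
    """Keyed signature so a cookie cannot be forged or edited by the client."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_trust_cookie(user, now):
    """Call only after the texted code has been entered correctly."""
    device_id = secrets.token_hex(8)          # random label for this machine
    payload = f"{user}|{device_id}|{int(now) + TRUST_SECONDS}"
    return f"{payload}|{_tag(payload)}"


def cookie_is_trusted(cookie, user, now):
    """True only for an unmodified, unexpired cookie issued to this user."""
    try:
        c_user, device_id, expires, tag = cookie.split("|")
        expires_at = int(expires)
    except (AttributeError, ValueError):      # missing or malformed cookie
        return False
    expected = _tag(f"{c_user}|{device_id}|{expires}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False                          # forged or tampered
    return c_user == user and now < expires_at


def login_step(user, password_ok, cookie, now):
    """Decide what the site does next for one login attempt."""
    if not password_ok:
        return "denied"
    if cookie_is_trusted(cookie, user, now):
        return "signed_in"                    # machine marked safe earlier
    return "code_required"                    # unknown machine: text a code


if __name__ == "__main__":
    t0 = 1_700_000_000                        # constructed timestamp
    print(login_step("alice", True, None, t0))                # unknown machine
    cookie = issue_trust_cookie("alice", t0)
    print(login_step("alice", True, cookie, t0 + 86_400))     # next day
    print(login_step("alice", True, cookie, t0 + TRUST_SECONDS + 1))
```

A stolen password on its own only ever reaches the "code_required" branch, which is the point made above.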