It's always worth emphasising (even though I have before!) the importance of having strong passwords for your online accounts, and a recent Microsoft Malware Protection Center blog post has some useful do's and don'ts for passwords
It includes some interesting stats on the most common usernames used by bad hackers in automated attacks (change your username from Administrator, or if your name is andrew, dave, steve, paul or adam!).
Common words used in password attacks were also given, and again using "password" or "123456" really isn't a good idea.
See that blog post for their tips and you can always test your password on their password strength checker.