According to the website, all HeathCare.gov users will be prompted to change their passwords the next time they log into the site. According to the site, “HealthCare.gov uses many layers of protections to secure your information,” and there’s no sign that any Healthcare.gov user information has been compromised, so this is mainly a precautionary measure.
The Associated Press notes that the US Government is reviewing al of its sites to see if they’re vulnerable to the Heartbleed bug, so it’s possible that users of other government sites may have to change their passwords in the not-too-distant future.
HealthCare.gov recommends using a password that’s unique to your Healthcare.gov account. Some password managers, such as 1Password, can generate and store unique passwords that you don’t need to memorize.
But you don’t need a password manager to devise stronger passwords: There are some tricks you can employ to create strong passwords that you can actually remember. See Alex Wawro’s guide to creating stronger passwords without losing your mind for one approach. And visit HealthCare.gov for more on that site’s mandatory password change requirement.