On most UNIX systems, everyone knows (or can find) your username. When you log in, how does the system decide that you are really the owner of your account - not an intruder trying to break in? It uses your password. If anyone knows both your username and password, they can probably use your account, and that includes sending mail that looks like you wrote it. So you should keep your password a secret!
If you think that someone knows your password, you should probably change it right away - although, if you suspect a computer "cracker" (or "hacker") is using your account to break into your system, ask your system administrator for advice first, if possible! You should also change your password periodically - every few months is recommended.
In general, a password should be something that's easy for you to remember but hard for other people (or password-guessing programs!) to guess. Your system should have guidelines for secure passwords. If it doesn't, here are some suggestions. A password should be between six and eight characters long. It should not be a word in any language, your phone number, your address, or anything that anyone else might know or guess that you'd use as a password. It's best to mix upper- and lower-case letters, punctuation, and numbers.
To change your password, you'll probably use either the passwd or yppasswd command. After you enter the command, it will prompt you to enter your current password ("old password"). If that's correct, it will ask you to enter your new password - twice, to be sure you don't make a typing mistake. For security, neither the old nor new passwords appear as you type them.
On some systems, your password change won't take effect for some time: from a few minutes to a day or so after you make it.