newtimber wrote:This may be the problem. If one of the several hundred sites you use has a security breach or is not handling very sensitive data so does not need high security, then that username/password will be in the hacking community. They then can (and will) just try it on other sites to see whether it works.
I'd really recommend using a password program (or even the one supplied with your browser) and let it generate random secure passwords that you cannot remember. You then only have to remember one password and the password program will not fill in your password onto phishing sites (and you can't either because you don't know what it is!)
Thanks, newtimber, I had no idea that was possible. Could you recommend a password program (we use Firefox, and Chrome sometimes)?