top | item 1734674


jonny_noog | 15 years ago

I use pretty much the exact same system that you do and have done so for many years as well. Recently though, I'm starting to think I might try out the password management software route. I haven't yet had a problem with any of my accounts being brute forced and I guess there's something to be said for "if it ain't broke...", but reviewing the passwords I use, even the more secure ones, I have this nagging feeling that they are more similar to each other than they should be. If a resourceful and determined attacker were to somehow figure out one of my secure passwords, then that would be a good ways towards figuring out all of my secure passwords and I don't like that possibility, however remote it may actually be.
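Worked example for the "my passwords are too similar" worry above (added here; not from the thread and not the poster's own code): given one recovered password, enumerate the variants a targeted attacker would try next using a small set of assumed mangling rules (case changes, leet substitutions, counter and year bumps, common suffixes, per-site tokens), then check which of the user's other passwords fall inside that set. The rules, the sample passwords and the site names are constructed for illustration and are far smaller than a real cracking rule set.

```python
import itertools
import re

# Assumed mangling rules, modelled on common cracking-rule practice (illustrative, not exhaustive).
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
COMMON_SUFFIXES = ("", "!", "1", "123", "!1")


def split_core_suffix(pw: str) -> tuple[str, str]:
    """Split 'Summer2010!' into ('Summer', '2010!'): the word part and the trailing digits/symbols."""
    m = re.match(r"^(.*?)([0-9!@#$%^&*]*)$", pw)
    return m.group(1), m.group(2)


def neighbouring_numbers(suffix: str) -> list[str]:
    """'2010!' -> ['2009!', '2011!', '2012!']: the counter/year bumps an attacker tries first."""
    m = re.search(r"(\d+)(\D*)$", suffix)
    if not m:
        return []
    n, width, tail = int(m.group(1)), len(m.group(1)), m.group(2)
    head = suffix[: m.start()]
    return [f"{head}{k:0{width}d}{tail}" for k in (n - 1, n + 1, n + 2) if k >= 0]


def candidates(known: str, site_hint: str = "") -> set[str]:
    """Variants of one recovered password that a targeted attacker would try on other accounts."""
    core, suffix = split_core_suffix(known)
    cores = {core, core.lower(), core.upper(), core.capitalize(),
             "".join(LEET.get(c.lower(), c) for c in core)}
    suffixes = {suffix, *COMMON_SUFFIXES, *neighbouring_numbers(suffix)}
    suffixes |= {s + "!" for s in suffixes}
    if site_hint:  # per-site tokens people bolt on: 'Summer2010fb', 'fbSummer2010', 'SummerFb2010'
        suffixes |= {s + site_hint for s in list(suffixes)}
        cores |= {core + site_hint.capitalize(), site_hint + core}
    return {c + s for c, s in itertools.product(cores, suffixes) if c + s}


def reachable(known: str, others: dict[str, str]) -> dict[str, bool]:
    """For each other site -> password, whether it lies in the candidate set derived from `known`."""
    return {site: pw in candidates(known, site) for site, pw in others.items()}


if __name__ == "__main__":
    # Constructed sample: one recovered password, three other accounts.
    leaked = "Summer2010"
    others = {"bank": "Summer2011!", "fb": "Summer2010fb", "work": "Winter2010"}
    print(len(candidates(leaked)), "candidates from one password")
    print(reachable(leaked, others))
```

Note that the whole candidate set is a few hundred strings per site, so even a login form that throttles to a handful of attempts per hour does not save an account whose password is one of those variants; the fix is passwords with no shared structure, which is exactly what a manager gives you.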

TheSOB88 | 15 years ago

As long as each of your secure sites has encrypted the password in their database, which they damn well should be doing, an attacker wouldn't be able to benefit from any similarities because they wouldn't know what your password actually is. Right?

jonny_noog | 15 years ago

That would be right assuming passwords were always encrypted - and we know that unfortunately even some of the biggest sites have been bitten by not encrypting passwords in their database[1] - but that's not actually the case I was thinking of when I said "brute forced".

Here's one possible scenario: let's say that I happened to be a member of a website that unfortunately allows an attacker to hit their login form as many times as they like and as fast as they like with various username/password combinations, and by brute forcing this login page in this way, they manage to determine what my username/password actually is. Now the attacker does know my username/password for one website I belong to and - if they're smart and determined - it may occur to them that now they know one of my usernames/passwords they might use these details as a starting point in trying to brute force other accounts that I may have on other websites.

I used to run these kinds of brute force attacks against websites back in the day when I had nothing better to do and before I had to work for a living. Often I was quite successful, but I wasn't targeting specific users and even back then I could tell that websites were getting more savvy in terms of detecting and defeating such attacks. So no doubt it would be harder to pull this kind of thing off now and it would probably depend a lot on which website(s) you targeted. But surely it wouldn't be impossible.
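Added example for the scenario described above (not from the thread and not the poster's tooling): a login endpoint with simulated time, run once with no limits, as in the site the comment describes, and once with per-account exponential backoff plus a per-source failure lockout, against a single-account guessing loop and a password-spraying loop. The policy thresholds, the wordlist, the usernames and the source address are constructed assumptions chosen to make the effect visible.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Policy:
    """Assumed throttling policy (illustrative numbers)."""
    backoff_after: int = 3        # free failures per account before delays start
    max_delay_ms: int = 900_000   # per-account delay cap (15 min)
    ip_fail_limit: int = 20       # failures from one source inside ip_window_ms ...
    ip_window_ms: int = 600_000
    ip_lock_ms: int = 900_000     # ... lock that source for this long


@dataclass
class Result:
    status: str            # "ok" | "bad" | "throttled"
    retry_at_ms: int = 0   # when throttled: earliest time the form will evaluate a guess again


class LoginService:
    """Login endpoint with simulated time. policy=None reproduces a site that evaluates
    every guess as fast as it arrives."""

    def __init__(self, users: dict[str, str], policy: Optional[Policy] = None):
        self.users = users        # user -> password (stand-in for a salted-hash store)
        self.policy = policy
        self.acct_fails: dict[str, tuple[int, int]] = {}   # user -> (count, last_fail_ms)
        self.ip_fails: dict[str, list[int]] = {}           # ip -> recent failure timestamps
        self.ip_locked_until: dict[str, int] = {}

    def attempt(self, user: str, pw: str, ip: str, now_ms: int) -> Result:
        p = self.policy
        if p:
            until = self.ip_locked_until.get(ip, 0)
            if now_ms < until:
                return Result("throttled", until)
            count, last = self.acct_fails.get(user, (0, 0))
            if count >= p.backoff_after:  # exponential backoff: 1s, 2s, 4s, ... capped
                delay = min(p.max_delay_ms, 1000 * 2 ** (count - p.backoff_after))
                if now_ms < last + delay:
                    return Result("throttled", last + delay)
        if hmac.compare_digest(self.users.get(user, ""), pw):  # constant-time compare
            self.acct_fails.pop(user, None)
            return Result("ok")
        if p:
            count, _ = self.acct_fails.get(user, (0, 0))
            self.acct_fails[user] = (count + 1, now_ms)
            recent = [t for t in self.ip_fails.get(ip, []) if t > now_ms - p.ip_window_ms]
            recent.append(now_ms)
            self.ip_fails[ip] = recent
            if len(recent) >= p.ip_fail_limit:
                self.ip_locked_until[ip] = now_ms + p.ip_lock_ms
        return Result("bad")


def run_attack(svc, user, ip, wordlist, interval_ms=100, budget_ms=3_600_000) -> dict:
    """One attacker, one account: fires guesses back-to-back, waiting only when throttled."""
    t, evaluated = 0, 0
    for guess in wordlist:
        while True:
            if t > budget_ms:
                return {"found": None, "evaluated": evaluated, "elapsed_ms": t}
            r = svc.attempt(user, guess, ip, t)
            if r.status == "throttled":
                t = r.retry_at_ms          # come back at the earliest allowed moment
                continue
            evaluated += 1
            if r.status == "ok":
                return {"found": guess, "evaluated": evaluated, "elapsed_ms": t}
            t += interval_ms
            break
    return {"found": None, "evaluated": evaluated, "elapsed_ms": t}


def run_spray(svc, users, guess, ip, interval_ms=100) -> dict:
    """Password spraying: one guess across many accounts from one source. Per-account backoff
    never triggers (one failure per account); only the per-source limit stops it."""
    hits, evaluated, t = [], 0, 0
    for user in users:
        r = svc.attempt(user, guess, ip, t)
        if r.status == "throttled":
            return {"hits": hits, "evaluated": evaluated, "locked": True}
        evaluated += 1
        if r.status == "ok":
            hits.append(user)
        t += interval_ms
    return {"hits": hits, "evaluated": evaluated, "locked": False}


# Constructed sample data: a 5000-entry wordlist, one target account, 30 accounts to spray.
WORDLIST = [f"password{i}" for i in range(5000)]
TARGET_USER, TARGET_PW = "jonny", "password4321"
SPRAY_USERS = {f"user{i}": ("Summer2010" if i == 7 else f"Pw{i}!") for i in range(30)}


def demo() -> dict:
    src = "203.0.113.9"
    return {
        "unlimited": run_attack(LoginService({TARGET_USER: TARGET_PW}), TARGET_USER, src, WORDLIST),
        "throttled": run_attack(LoginService({TARGET_USER: TARGET_PW}, Policy()), TARGET_USER, src, WORDLIST),
        "spray": run_spray(LoginService(SPRAY_USERS, Policy()), SPRAY_USERS, "Summer2010", src),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Against the unlimited endpoint the attacker evaluates 4322 guesses and recovers the password in about seven simulated minutes; with backoff the same attacker gets 15 evaluated guesses in an hour. Two caveats a practitioner should keep in mind: per-account backoff alone lets anyone lock a victim out of their own account by feeding the form bad guesses, and a per-source limit is only as good as the attacker's address pool, since the spraying loop above would simply continue from a fresh address once one is locked.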

[1] http://blog.moertel.com/articles/2006/12/15/never-store-pass...