Now the bad guy has to crack two sites which you register on. (Or just make you register on two of his sites). Bam, all your passwords are effectively 3-letters long.
This scheme is pretty common, so yes they would think of that. They might not try and figure out the alphabet position thing, since the password is laughably easy by now.
Or, they have you register on just one site they control, and figure out the substitution trick. They now have all your passwords.
Now that you made the post it's even worse: we all know your password here is 8 lowercase characters + 813. If that's really true, I recommend changing all your passwords everywhere, NOW.
It's an extremely, extremely tiny step up from having the same password everywhere.
Or, they have you register on just one site they control, and figure out the substitution trick. They now have all your passwords.
Now that you made the post it's even worse: we all know your password here is 8 lowercase characters + 813. If that's really true, I recommend changing all your passwords everywhere, NOW.
It's an extremely, extremely tiny step up from having the same password everywhere.