Well the way I do it now is I have a fairly random core password (letters and numbers) that I use for everything, adding a few letters for each different website, tailored to that site. If one had access to even a few of my passwords and knew which sites they were for, it wouldn't be that much of a stretch to break my code but it would hopefully slow down anyone who hacked into just one account as that same password wouldn't work anywhere else.

For example if my core password is finkface10 (it isn't, don't worry), then for flyertalk, it might be FTalkfinkface10 or finkface10FT or something like that. They all follow the same pattern so I can remember them. Not sure that's secure enough because, as I said, if someone got hold of a good enough sample of them, the pattern is pretty easy to figure out. Like if I were using the second example, if they had a couple of my passwords and figured out the pattern, it wouldn't be too much of a stretch to guess that the password for United would be finkace10UA.

So, great minds, secure enough? Or since most hacks are a one-off, they likely wouldn't guess the pattern? Or should I go with LastPass? My email passwords, BTW, don't use the same pattern so if my email was hacked, it wouldn't get them much.