Use different passwords for your computer and for online services. It is also good practice to change passwords regularly and to avoid simple passwords, especially those that are easily guessed (dictionary words, names, dates, or anything derived from information about you that is publicly available).

As Randy pointed out in a recent blog, it is debatable whether enforced frequent changes of hard-to-remember passwords are always constructive: they can push users into writing passwords down, or into predictable variations of the old one, which may well swap one security problem for another.

However, you should certainly be aware that if some miscreant guesses or cracks one of your passwords, using different passwords for your other services and for your system accounts drastically limits the damage they can do. If, on the other hand, you use the same password for different accounts, you run the risk that one lucky guess (or one breached site) will give the cracker the keys to the kingdom, because the stolen credential can simply be tried against every other service you use. Indeed, it is likely that one of the reasons quite trivial accounts are sometimes phished is that they give a cracker a head start on guessing the password for other, more profitable or plunderable accounts.

David Harley
Director of Malware Intelligence