It’s a really bad idea to use the same password for everything. The recent Twitter hack where 300 pages of internal financial and other info were stolen from the company was mostly because someone used the same password for everything. A lot of other simple hacks are as well. Read about that attack for an example of how easy it is.
You don’t really know what web sites do with your password. Some store them unencrypted in a database. If that web site is hacked and the attacker has access to that database, they have ALL of the passwords in plaintext. They also most likely have your email address. If you use the same password for everything, they now have access to your email account. If they have access to your email account, they now know every single other web site you use and most likely your login and password for those sites. Even if the passwords are hashed and encrypted, they can still be matched up if an attacker has the entire database of passwords, unless the encryption is “salted” (some sort of text added to the password before it is encrypted).
@dverhey I would do it the other way around. Very few hackers would bother trying to break directly into a person’s computer, especially by guessing the password. Most passwords are stolen in bulk from insecure web sites. Your password is also more likely to be guessed on an online site where it’s already public and easy to access than by a hacker trying to bypass any firewalls and other security measures you have on your computer.
@jaytkay Any password cracker worth anything will know to substitute numbers for letters in common ways, like substituting 0 for o. It wouldn’t do a lot to slow down a brute force attack. I would recommend using the first letters of the phrases you like to memorize instead, along with more numbers and symbols. So your first example could be GWtw19#( : capitalizing the first two letters, lowercase the second, then 1939, the year the movie was released, but holding down the shift key while pressing the last two numbers to get the symbols in there. Simple example, but impossible to guess with a dictionary attack that will guess passwords with a dictionary full of words. It could still be broken with a straight brute force attack where it guesses every possible combination of letters, numbers, and symbols, but that would take a lot longer.
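The “matched up” problem from the reply about salting, shown in code. This is an added example, not code from anyone in the thread; the three user records are constructed, and the unsalted SHA-256 store stands in for a careless site while the salted PBKDF2 store is the fix.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample of what a site might hold; alice and bob reused the same password.
USERS = {
    "alice@example.com": "GWtw19#(",
    "bob@example.com": "GWtw19#(",
    "carol@example.com": "correct horse battery staple",
}

ROUNDS = 100_000  # PBKDF2 iteration count; raise it on real systems


def unsalted_hash(password: str) -> str:
    """Careless storage: one plain SHA-256 per password, no per-user salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted storage: a random 16-byte salt per user plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, key


def verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Login check against a salted record, using a constant-time comparison."""
    _, key = salted_record(password, salt)
    return hmac.compare_digest(key, stored_key)


def duplicate_groups(records: Dict[str, str]) -> Dict[str, List[str]]:
    """What someone holding the dump sees: users whose stored values are identical."""
    groups: Dict[str, List[str]] = {}
    for user, value in records.items():
        groups.setdefault(value, []).append(user)
    return {v: users for v, users in groups.items() if len(users) > 1}


def unsalted_duplicates(users: Dict[str, str] = USERS) -> Dict[str, List[str]]:
    # Same password -> same hash, so reused passwords are matched up across accounts.
    return duplicate_groups({u: unsalted_hash(p) for u, p in users.items()})


def salted_duplicates(users: Dict[str, str] = USERS) -> Dict[str, List[str]]:
    # Same password -> different stored values, so nothing lines up from the dump alone.
    return duplicate_groups({u: salted_record(p)[1].hex() for u, p in users.items()})
```

Without a salt, cracking one copy of a reused password cracks every account that shares it; with per-user salts each record must be attacked on its own.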