I was doing my daily stock market research when I happened to come across this article on the strength of passwords and how a hacker would go about trying to steal your password. It's an interesting read.
The writer basically goes into a brute-force approach for stealing passwords, like trying the common ones, then going through community discussion forums and hacking into those, since they are less likely to have good security (unlike a bank or credit card company). On the theory that many people use the same password over and over, once the hacker got your username and password from the less secure web portal, he could then use it as a basis for breaking into your bank account.
This leads me to wonder whether or not phishers are wasting their time. Is phishing more effective than the brute force approach? What if they started combining techniques? Geez, what if they started sending out messages to less secure web portals like online discussion boards? That's not a pleasant thought.
Basically, my advice is this: use different passwords, don't use anything obvious and mix-and-match uppercase, lowercase letters and digits.
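The three rules above can be checked mechanically. As an added example (not from this post or the article it discusses), this Python script audits a set of accounts for reuse across sites, obvious passwords, and missing character classes; the function name, the short common-password list and the sample accounts are all constructed for illustration.

```python
import string
from collections import defaultdict

# Constructed short list; a real audit would load a far larger common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "abc123"}


def audit_passwords(accounts):
    """Return {site: [problems]} for a mapping of site -> password.

    Checks: no reuse across sites, nothing obvious, mixed character classes.
    """
    # Group sites by password so reuse shows up as a group of 2 or more.
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)

    findings = {}
    for site, password in accounts.items():
        problems = []
        shared = sorted(s for s in sites_by_password[password] if s != site)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        # "Obvious" here means on the common list or equal to the site name (assumption).
        if password.lower() in COMMON_PASSWORDS or password.lower() == site.lower():
            problems.append("obvious password")
        missing = [name for name, chars in (
            ("uppercase", string.ascii_uppercase),
            ("lowercase", string.ascii_lowercase),
            ("digit", string.digits),
        ) if not any(c in chars for c in password)]
        if missing:
            problems.append("missing: " + ", ".join(missing))
        if problems:
            findings[site] = problems
    return findings


# Constructed sample data: site names and passwords are made up.
SAMPLE_ACCOUNTS = {
    "forum": "Tr0ubadour7",
    "bank": "Tr0ubadour7",  # same password as the forum: a forum leak exposes the bank
    "email": "qwerty",
    "shop": "Vx9mKe2LpQ4z",
}

if __name__ == "__main__":
    for site, problems in audit_passwords(SAMPLE_ACCOUNTS).items():
        print(site, "->", "; ".join(problems))
```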