The problem is if you're a lazy person like I used to be and used the same password on everything but "important" sites like my bank.

One morning I woke up and read a message that a new computer had logged into my FB account from Chicago, and an hour later, someone from Russia logged into my gmail, mac.com, changed the passwords, wiped out all my email, and started sending everyone on my contact list some email about "send me money, I owe some hotel in England money and they have my passport and i can't fly home". That's because someone got hacked, got my email and old password, and figured it would work on my other accounts. It did.

I got my accounts back by quickly contacting the providers and using the "got hacked" authentication site with the secret security questions. Never did get the wiped out mail back. And if you don't do that the first few hours, you're screwed, there's no way of ever getting those user names back and gmail et. al don't even have anyone you can contact and talk to about it (read forums on this). Luckily I got up at 6 am that day and the hack had only happened a couple hours earlier.

Now I have a different random strong password for every account, generated and tracked by a program called 1password. $50 but worth it.