by encukou 5303 days ago
Now the bad guy has to crack two sites which you register on. (Or just make you register on two of his sites.) Bam, all your passwords are effectively 3 letters long. This scheme is pretty common, so yes they would think of that. They might not try and figure out the alphabet position thing, since the password is laughably easy by now.

Or, they have you register on just one site they control, and figure out the substitution trick. They now have all your passwords.

Now that you made the post it's even worse: we all know your password here is 8 lowercase characters + 813. If that's really true, I recommend changing all your passwords everywhere, NOW.

It's an extremely, extremely tiny step up from having the same password everywhere.

1 comments

I think you're being a bit alarmist. The most likely attack is that someone compromises one password and then logs into a higher value site with it. They can't do it in this case.

That's not going to happen with that scheme.

As long as you're not also using this for email/banks, it's not that silly. I use a similar scheme myself; it means you can log in from computers that aren't your own to certain services without having to install anything or carry round a bit of paper.