When a scammer gets your password it's only the first step, usually people use the same password on numerous sites.  The best example of this is ebay and Paypal, most people use the same password for both, the scammer therefore only needs to get your ebay password in order to gain access to your Paypal account.

Below is a list of the most common passwords used -

10 - Your first name
9 - blink182
8 - password1
7 - myspace1
6 - monkey
5 - letmein
4 - abc123
3 - qwerty
2 - 123456
1 - password

If your password is on that list then change it immediately!

Also, don't have a pattern with your passwords.  I remember once I had the habit of using the web site name as the password!  If a scammer bothered to check then they would have worked out what my other passwords were!
Also, don't have passwords on your computer!  Your computer can be hacked by scammers and that files can be stolen.  Unfortunately with older Windows systems it was quite easy for a person to read your computer files (without hacking into your computer) if your fire wall was set up wrong.
Now days I have a pretty blue book on my computer desk that I write all my passwords in.  I will be in a lot of trouble if that blue book goes missing but it's a risk I'm willing to take.

I've been on the Internet since 1996 and in that time I've been caught out twice by scammers.  Both times I've been tricked into giving criminals my account name and password.
The irony is that the second time I was caught I had been running this web site for over 6 months!!

So I gave my account and password away for my e-gold account.  At the time there was $2.20 in it, that was instantly transferred out.
The big problem came next though; they could see where I had been investing my money.  So now they had access to all my accounts, but not my passwords.  One problem - my password for my e-gold account was 'egold', so they wondered if I was making all my other passwords the same name as the site - guess what, I had.
The race was now on, I had to change all the passwords on my investments while the scammers tried to find my investments by reading my transaction history.

If a person knows your username they can then use computer software to try to guess your password.  It tries to achieve this by using every word in the English language.
Some systems only allow a user to have three attempts at their password before it shuts the account down, but a lot of other systems don’t; the criminals program can make over ten thousand guesses a second.

If your password is an English word then it WILL be hacked.  It doesn’t matter if it’s a common word, a persons name or a medical term – it will be found out.

To circumvent this you need to make your password non legible; that could mean messing two letters up “mother = mohter” (okay), adding a number “mother = mother7” (good), jumbling up the numbers in the word “mother = mo1h3r” (great) or simply having a complete jumble of letters and numbers “hj34jui9” (best).

For more security you should consider changing your password on a regular basis.  At university we were forced to change our passwords every 6 weeks for security reasons; considering we had access to the Microsoft Windows source code (which I never did get to see) then you can understand why security was so high.

Try not to use the same password on different web sites; if a low security web site is hacked and your password is stolen then it will be used on other web sites.
The perfect example of this is ebay and Paypal; if a fraudster gets your ebay password the first thing they will do is try it with your Paypal account – this account is usually linked to your credit card so it is quicker to loot than your ebay account (which is more enticing for the criminal).

Remember that having a person’s ebay account is only the first step in scamming money and takes a lot of work, while having a paypal account is a simple case of looting the funds.  It’s the difference of robbing a bank of cash or robbing a warehouse of electronic goods in order to sell later - the bank is the easier option!