1) Random sign-ups.
2) Slightly personal information e.g. Hackernews
3) Personal or slightly financial: e.g. mail accounts
4) Financial: e.g. Banking/Share trading
5) Work accounts
I've been wondering if I should expand this to have the same as above but bring in a component of the URL into the password to create variance for all but keeping it easy to remember. Does that seem a good method or do people have better systems?
My logic: If one of these solutions e.g. LastPass is compromised then I am compromised across all sites. They may even bypass 2 factor authentication that goes via my email/messaging. Whereas using my method if one website gets hacked then I only give access to a segment. If it is worst case and a financial site is compromised they still don't have the password for accounts where they could see any 2-factor authentication messages. Does that make sense or am I missing something?