Interesting, my account's Security History shows a few failed login attempts in the last 3 days from Eastern Europe and Southeast Asia, and my account is not even popular.
I had 13 login attempts from South America, Asia and Middle East. My login details have been leaked in several leaks, latest being the Adobe leak. And even though I've had strong password, my fault's been that I've used the same password in lots of places.
Luckily the Adobe leak was the final straw and I finally started to use a good password manager and super strong, distinct passwords in all the services I'm using. It wasn't that bad at all, just selecting a good password manager[1], strong encryption and an easy way to sync your passwords between devices (git), I've had no trouble at all with strong passwords.
Although it would be nice to have an Android app for the password manager. I think it's a nice excersize for writing my first Android app at some point...
Your comment prodded me to check my own Security History, and I have five failed login attempts within the past 3 days from unrecognized IPs also on a not-popular account.
I've seen a small amount of suspicious activity (possibly 3 failed logins that weren't mine); I'm wondering how relevant various attributes of the username are. I'm starting to move to unique usernames for various services: not anything vastly secure, but something that's at least harder to automatically cross-reference. Does anyone know if using much longer usernames is a worthwhile investment?
They did the OAuth token with the Ripple give away 16 days ago, and before that, I had no failed attempts, just a single successful attempt. I too used the same password for a few sites.
