Key Loggers

Long ago a buddy of mine came up to me and told how he received a mail that had the password of his email account!

Like a typical tech guy, I immediately replied his computer may have been infected with password stealing viruses, trojans or key loggers. But in fact, he had a pretty good anti-virus with the latest updates and no harmful programs were found in his computer.So how did that email contain his password? Was the account hacked?

It became very clear after he said who had sent that mail! Apparently, the email was a spam mail sent from a third-party website (let's take xyz.com as an example), where he had registered as a user. The answer was right there!While registering at xyz.com, he had used his Yahoo email id as his username at xyz.com and used the same Yahoo! Mail email account's password as the password for xyz.com.So now, xyz.com had both his email Id and password. The user had disclosed his email id and password, although unintentionally.What to do if I have committed this mistake?

Can this be considered a mistake in the first place? Oh yes! It should be when you have a lot at stake (personal mails, business plans..etc) in your email inbox. Moreover, there are thousands of new websites popping out each day only to disappear weeks later. Always better to be safe than sorry.The very first thing one can do is to :
Change the email password immediately.
Always keep a separate username and password for registering at other sites.
Use the secret Question & Answer password recovery option for your email, in case someone changes your email password. Many still don't use it. This will only work if the person who logged into your account didn't change the secret answer.
Personally, I always keep a separate password just for registering at websites that I find interesting. Do you use your email password while creating accounts at other sites? Have you thought about this while registering at sites? Please let me know in the comments...