I'm a little paranoid about passwords on certain sites; are you?

So when I log into the financial institution where I have my retirement accounts I ALWAYS type the password incorrectly, then I go back and change the incorrect characters as well as add the characters I skipped. I always use the same pattern so I know what to correct. I figure if someone is somehow monitoring the keystrokes they would have to do a lot of work to get the actual password from what I typed. I'm just paranoid about someone getting into the account.

So if my password was 123456789, I would type 11344689 and then go back and overwrite the second 1 with a 2, overwrite the second 4 with a 5 and then add the 7. I figure a few seconds if my time is no big deal and it makes me feel better. Does anyone else do anything like this?

Nope, and if someone is monitoring your keystrokes, there isn't really anything you can do to keep the password from them. Identifying a press of the '2' key is just as easy as identifying cursor movement or backspace key presses. It's not really any additional work.

Keep your computer updated, practice safe browsing, and a good password policy is all you should need to protect your information.

What he said. Key loggers aren't spoofed by your techniques.

Password security is like house security...given enough time, any lock can be overcome. The trick is to make it not worth a hacker's time. To help make brute force attacks less viable, try to use passwords that use a variety of combinations of letters, numbers, and symbols. Preferably, use a phrase with these, and have the phrase not be related to any personal information about you or your family. And if the phrase doesn't make sense, even better.

This is not an assurance of course, but it helps minimize the chance of a breach from your side. Two-factor authentication is even better.

FC

Use a password manager that employs the paste buffer, freely available for every OS and even included in some. You are still hosed if someone logs keys and manages to keep a copy of your encrypted database, but at that point I would say do not use the machine in question at all. There has to be a reasonable limit somewhere.