I'm currently taking a security course at my university, and we have been given Linux boxes to install services onto and then secure. One of our tasks is to create a couple of dummy accounts with simple passwords, and then we will attempt to crack the passwords by using a simple brute force attack.
The attack is as simple as combining a small piece of software and a dictionary which comes with the Linux distribution.
Lots of security is common sense, so if you use simple, insecure passwords, you should change them. And yeah, don't store them on your machine. If someone hacks your machine, then they get your bank/etc passwords? Not good!