Read to the end for a secret revelation.
One for all the various forums, social sites and other crap that is of absolutely no importance to me and if it gets leaked and you use it to log in as me on one of them, you can post comments in my name - omg, the sky is falling.
The problem there is that all it takes is one crap site and an attacker can check all of your "reset answers" (pet's name / mom's name / etc) to see if they can be used for an attack.
One is for sites that I have some stakes in, like accounts in online games and such, where you could do some damage in the sense of destroying something that took me time to create (delete my GW2 characters, I'd hate you for it, but no real damage has been done).
A different password but does it still have the same "reset answers" that the other category does?
And you are depending upon the admins of those sites to correctly secure them and keep them sites secure for THEIR ENTIRE EXISTENCE.
And one I use for sites where you could do some damage that I could probably reverse, but it would take effort and might cause me real-world inconveniences, such as shopping sites where you could order something in my name and I'd have to go and cancel the order or send it back or whatever.
Just about all of the damage can be reversed. It's just a matter of how much time and how much money is lost doing so.
This is about preventing the damage before it costs you time and money.
Your Amazon account should NOT have the same password that your eBay account has. No matter how much you trust either of them.
My PayPal and banking accounts have their own passwords, ...
And they should have their own email accounts tied to them. If someone cracks your GameYouUsedToPlay.com account that should NOT give them the email address you use at your bank.
Now, for the secret revelation!
Passwords WERE once used for security.
NOW they are mostly (99.9%+) used for MARKETING. That is why almost all the sites out there require a unique login. And those sites are very lax with their MARKETING data (your username/password/answers).
Once you understand that (and what information you are leaking when you give it to them) you can make better decisions on how much RE-USABLE information you want to give them.
Think about what the minimum information an attacker would need to access your bank account (either login or social engineering) and then look at how many sites have that information.