I agree with you on the fact that in its current state, RoboForm would only provide a part of the solution. The concept is good, but in practice there would be too many obstacles to make it easy.
But let's face it, the OP is right: the password, as a security measure, is a failure. It's way too easy to get from the average non-IT-aware Joe, which forms more or less 90% of the people. In concept, the password is good, but in reality it's a disaster. Are we really to expect everyone to create a unique, difficult-to-guess password for each website we sign in to? I mean, that just doesn't work. We are BOUND to re-use at least half of those, because a line needs to be drawn between perfection and reality. Even I do it. I've got three passwords: my really secure password for important sites such as banking, my mildly secure password for somewhat important websites such as Facebook or /., and a weak, totally dictionary-attackable password for sites like, for instance, gog.com, which holds very little info on me and which I don't log in to very often.
One thing people can do, but often don't realize, is vary the username and email. It's just as important as the password in the set of credentials needed to impersonate you. For instance, I've got a domain name, and any email sent to that domain, I will receive. That's no news to IT people, but it means I can use any email address from that domain for registration. That lets me figure out which website leaked my info to spammers (or on which it was intercepted) and also vary my set of credentials while retaining the same password I would have used.
But I digress. Passwords are bound to fail because they rely on memory, which invariably fails at some point. So to prevent that, you need to write it down, which is just as bad as using your password twice. A big part of the problem is that it is three-fold. Firstly, you've got users like me, stupid enough to re-use passwords AND re-use easy passwords. Secondly, you've got trojans and the like infecting computers and reading any password you use. And thirdly, you've got the biggest of all, the World Wide Web, which is just a big river, full of water, which pretty much anyone with a diving suit can dive in and take what they want, if you allow me the analogy.
So... solution? Well, I think storing encrypted passwords on a USB key is good. It's like a portable keyring from Ubuntu. You plug it in the USB port and Firefox detects it there and polls passwords from there, asking for the master password first. Then, anything and everything on the web must be encrypted. Servers go *poof* but security goes *yeas*.
I'm sure it's not perfect, especially the server goes *poof* part, but at least it's a step toward removing passwords as the mandatory gate to security.