I create a randomized password for every website, stored as a plain text file -- one per website -- in an encrypted directory. When I login to the website, I copy/paste the password from the file. The encrypted directory is not mounted unless I am actively using it.
The problem I run into is that many websites only store an unknown few characters (maybe 8) and truncate the password without informing the user of the new password. This means that it will let you login the first time, but when you try to login later, you can't get in because the password isn't what they stored. This is very frustrating.