Repeat after me.
The problem IS NOT PASSWORDS. Fighting for "better passwords" is a never-ending, stupid, foolish waste of time.
What is the point of a password? It is to prove who you are. Nothing more, nothing less. A password is not used as a key to look up information for a retailer, or blog, or anything else - that is keyed off your user name. All a password is is an identifier showing WHO YOU ARE.
It is unrealistic to expect a human to remember dozens of complex passwords and change them monthly. It is also unrealistic to preach "password managers" as a solution because they don't work in all situations and on the go.
So then, why is it that I need a username and password FOR EACH OF Amazon, Tesco, Virgin, and every other company listed in the OP, and Facebook, and Yahoo, and Google, and Slashdot, and every other site? Why can't I just have ONE complex, known, secure identification mechanism?
And even more pointedly - WHY IS IT that the technology ALREADY EXISTS to answer every point I raised - namely, the combination of OpenID and OAuth - to solve this problem?
If every webmaster would stop thinking they live in their own universe, and SIMPLY STOP storing their own passwords and instead REQUIRE AND ONLY SUPPORT OpenID and OAuth authentication, this whole problem would be nearly entirely eliminated from the internet. People would have ONLY ONE password to remember, for all sites. They could be FORCED to change it monthly, and it would not be a huge burden since it is their ONLY password.
But no, every site in existence thinks they are THE ONE and should be able to exist in their own walled garden independent of everyone else.