I don't know why more people don't use solutions like Lastpass. I have one very long and difficult to guess password (but easy for me to remember), and every site I visit has a unique psudo-random gibberish password. If a site does something really stupid like store passwords of their users in plaintext, a breach will only allow access to that site since that password is used nowhere else. This method is impervious to dictionary attacks, hash-table lookups, etc. It's a tiny bit of an inconvenience, but it's very secure and I don't have to worry about breaches like this at all.