I wrote the other day about shifting to unique passwords for every single web site I visit (there were 300 I had to change!) to limit the damage from a data breach such as that at Adobe. The irony was that to make this work, I adopted a password vault program to remember all these 300 strings of random characters. Which means that I am putting a LOT of trust into one site, instead of a moderate amount of trust into multiple sites.
The same sort of approach is being investigated with credit cards, where intermediaries are providing masked credit cards with one-time numbers (hat tip to a reader). In some ways Paypal has a masked approach where the transaction is settled off the retailer's site entirely, though I am not sure I am entirely comfortable with Paypal's security.