After reading this, everyone should be getting a password manager.
I am convinced that the best way to get someone's password is to break into crappy sites like hobbyist bulletin boards. I am on 10 or 12. "So what?" you say. What can someone do to you on a bulletin board? Not much, but since you likely have scores of passwords, and you likely don't use different passwords for every site, that user name and password on that crappy bulletin board may also work at Citibank. Then you are in trouble.
I got a password manager last year (LastPass) and changed every password but one to 12-digit randomized passwords that the program then remembers. That database is protected by a complicated password I have never used anywhere else and is not a real word, and protected by two-step login (via Google Authenticator). The only other password that is not random is my email password, which I have to use so often from so many mobile devices that I have a long phrase I use for it that I can remember.
This is undeniably a hassle, particularly for mobile devices, where LastPass and other password managers are behind and harder to use (in part because there are not as many browser plug-in abilities).
I won't say this is bulletproof, but it is much better (I hope) than where I was before.
Is it safe enough? Here is my theory, which requires a brief joke first. Two men are camping in the woods when an angry bear shows up, clearly ready to devour them. One man quickly starts putting on his tennis shoes. The other says, "You don't think you can actually outrun that bear, do you?" His friend says, "No, but I don't have to outrun the bear, I just have to outrun you." You can never be safe, but maybe you can make yourself a comparatively less inviting target.
Update: The biggest hassle of all is changing your password on a hundred sites. There is NO standard for where to locate the password-change links. You will think at first smugly that surely it is all in the "my account" section of each web site. OK, don't believe me. You will find out. It is a mess. And Whitehouse.gov was one of the worst, by the way.