In other words, the attack was nothing new or special: if you use the same password in many places, they're all in the same "pool". If one is compromised, they're all compromised. It's ironic (and stupid) that Jeff Atwood's OpenID — which is supposed to obsolete passwords — was compromised like this.

The lesson's simple: before you re-use a password think about what's in its pool, and for fuck's sake use a unique password for OpenID and your password manager.



Or better yet, don't use a password at all: Use a client-side SSL certificate.

Set your password to something random, and use a client-side SSL certificate to authenticate yourself to your OpenID provider. You can use the password reset feature if you lose your SSL certificate.

I've got instructions on how to do this on my website here: http://joel.franusic.com/How-to-set-up-a-client-side-SSL-cer...


Good advice! Thinking of passwords in pools is a good way to limit the number of passwords you use, and still maintain decent security. Since a lot of my financial stuff is linked together, breaking one account breaks all of them - so I gave them all the same password, and made sure it was extra secure.

My work and my school share servers, so I use the same password. Personal stuff gets a separate password, etc. At the end of the day, I only have to remember 4 passwords and maybe 2 or 3 usernames, but I don't feel that it's lowered my security at all.


I must say, between Jeff's first post on this argument and another discussion I saw this morning here on HN I got a bit paranoid and just now finished changing _all_ of my passwords, each generated and stored using an automated tool. I acted on impulse, and yet I don't think I'll regret it, even if it was probably overkill. I "fortunately" lost just two accounts too, among which there was my "old" HN one.


Here's a useful bookmarklet for replacing all your passwords with a unique hash: http://supergenpass.com/. I need only remember a single master password, and all my actual passwords that get saltlessly hashed and stored in some jerk's leaky database are unique and look like some variation of "dxQ1V9EAs2". I can't recommend this thing enough.
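The two ideas running through this thread, password "pools" and deriving one unique password per site from a single master secret, can both be shown in a few lines. The block below is an added example written for this page; it is not code from the thread, from SuperGenPass, or from any commenter, and it does not reproduce SuperGenPass's actual algorithm. The function names (`reuse_pools`, `derive_site_password`), the salt label, the iteration count and the output alphabet are all assumptions chosen for the demonstration. `reuse_pools` lists which sites fall into the same pool (a breach of any one of them exposes the rest), and `derive_site_password` stretches a master password with PBKDF2-HMAC-SHA256, salted by the site's domain, so that the per-site value stored in "some jerk's leaky database" is unique to that site and does not reveal the master or any sibling password.

```python
import hashlib
from collections import defaultdict

# Output alphabet for the derived password (assumption: letters and digits only,
# which most sites accept). 62 symbols, so 16 characters give ~95 bits.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def reuse_pools(credentials):
    """Group sites that share an identical password.

    credentials: dict mapping a site name to the password used there.
    Returns a sorted list of sorted site lists; only pools with two or more
    members are returned, because a single-site password has no pool to drag
    down with it when that site is breached.
    """
    by_password = defaultdict(list)
    for site, password in credentials.items():
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


def derive_site_password(master, domain, length=16, iterations=100_000):
    """Derive a deterministic, site-unique password from a master password.

    The domain is normalised (case-insensitive) and folded into the PBKDF2 salt
    together with a fixed label (assumption: the label is arbitrary and only
    needs to stay constant for the derivation to be reproducible). PBKDF2 is
    one-way, so a leaked derived password does not give the master back, and
    a different domain yields an unrelated derived password.
    """
    domain_key = domain.strip().lower().encode("utf-8")
    salt = b"per-site-password-example-v1|" + domain_key
    digest = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, iterations, dklen=32
    )
    # Map the 256-bit digest onto the alphabet; 32 bytes comfortably cover
    # 16 base-62 symbols without exhausting the integer.
    n = int.from_bytes(digest, "big")
    out = []
    while len(out) < length:
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: the commenter's "financial pool" and "work/school pool".
    sample = {
        "bank": "hunter2",
        "broker": "hunter2",
        "work": "Spring2009!",
        "school": "Spring2009!",
        "news.ycombinator.com": "s0mething-else",
    }
    print("pools:", reuse_pools(sample))
    for site in ("bank", "broker", "news.ycombinator.com"):
        print(site, "->", derive_site_password("correct horse battery staple", site))
```

Running the script prints two pools (bank/broker and school/work) and three unrelated derived passwords; changing the master password changes every derived value, while changing only the case of the domain does not. A real deployment would also want a way to handle sites that cap password length or reject certain characters, which is exactly the kind of per-site exception a password manager tracks for you.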



