I think a good password manager + 2fa will be adequate. Make password manager long but memorable and then make passwords you generate crazy long, like 24 characters or more. That and 2fa all the things.
But if you're using accounts in "public" (like in the office) computers, aren't you trading an unlikely bruteforce for a single point of failure: your password manager, who's also in the cloud? Unless you also use 2FA on the password manager and there's no way for a compromised OS to copy your entire (unlocked) password manager DB. Oh god, I went too far.
Most password managers encrypt your contents one-way, and don't offer a forgot-password feature. Not all are in the cloud (1Password, KeePass, etc), though they can be cloudified via sync (for instance, use Dropbox or iCloud) Some support the Yubikey for authentication.