[mangeletti]

I couldn't agree more with your first point, but rather than recommend a local password manager, I recommend using a password algorithm of sorts. For instance, start with a password base (8 chars), a site specific "salt" (could be the domain or something simple like "email"), and a small per-site password or a pin (4 digits). With this, you can easily remember 1 password base for all your accounts, a convention for the "salt" (you don't have to remember each salt if you have a strong convention), and the only site specific info you'll need to remember is a 4 digit pin, which should be different per site. If you can remember a really small password or 4-digit pin, this method affords you all the protection you need. I use this method, but my passwords are 20-30 chars in length, because I'm paranoid.