Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com
It's too easy and there is no excuse not to do it.
+ 1
I started using lastpass.com (there are alternatives too, like keypass and others) after the mtgox incident. I have come to love it.