The latest XKCD comic identifies one of the major security failings of the internet today: the tendency of users to use the same password on more than one important site. It’s fine to use the same password for a bunch of news sites that do not store important personal information. What’s foolish is using the same password for a potentially vulnerable site and for something important, like a bank’s website or the password on an encrypted hard drive partition. Doing so risks allowing someone to compromise your information, one step at a time.
Another related risk is password recovery systems. Countless websites allow users to either have their password emailed to them or reset their password via email. That means that anybody who gains access to an email account linked to such features can then gain access to any sites that rely on that sort of password replacement system.
The wisest thing seems to be using strong unique passwords for email and other important sites, then having a couple of lower tier passwords to use for general sites that do not pose security risks. Random.org has a password generator, though the trick of building up a password from a memorable piece of music or poetry is probably less troublesome and still quite secure. An alternative approach is to have unique passwords for everything and rely on a password management program (or a piece of paper kept guarded in your wallet) to keep track of them.
Online security would also be better if all sites allowed the use of passphrases, rather than just passwords (and sometimes ones with an absurdly short maximum length). Two-factor authentication can also help.