I use different levels of password for different things.
Do they have my credit card? No.
Can someone take my account and wreak havoc with it? No.
Do I need trust The Reg to adequately secure their passwords with hashes, etc.? Yes.
So a level 2 password it is. Quite simple, not guessable, not especially onerous, and shared with other Level 2 sites.
When it comes to online banking, not a chance that's it a guessable password even if you knew my life in intimate detail (randomly generated string of characters from my own script, run a hundred times, one password chosen at random, memorised and then the list destroyed), shared only with sites that present exactly the same kind of hazard (e.g. PayPal with the same banking information plugged into it).
When it comes to rubbish untrusted forums that I had to sign up for to download a bit of freeware or whatever? Junk that even if compromised would only get you into junk of the same level anyway.
Once you have that set of passwords, it's then not hard to fathom - first time - what password you would have used based on the service you're trying to log into. And, worst case, a handful of guesses of the LOWER LEVELS (wouldn't try the banking passwords on what is just a forum, for instance, just in case it was being recorded) would get you there. And nothing of interest is shared with stuff likely to see compromise. And compromise on one gets you no more power on anything else with that same password.
Don't trust password manager software at all (even if I could write it myself, a person trying to implement their own encryption even using popular libraries is like someone trying to represent themselves in court - they have a fool for a client).
And two-factor anywhere that I can see the use of it (e.g. banking, a very expensive Steam account, Google services, etc.).