Aleksejs: How many of those would we have? I have just one master password, not counting the password to my computer (so yes, this means I'm one password away from losing my life).
Though, I do remember my passwords as well as use encrypted storage... that's for JustInCaseIForget.
One of my banks uses this horrible setup with random combinations of images (what do I do if I can't see?), words, passwords, and "security questions" which are made up of publicly-available information. Only way those are "secure" is if I totally make crap up instead of using real answers (like if I say my mother's maiden name, which was the name she went by anyway, was Tr0ub4dor&3 :)
Another of my banks uses a password and then a little device that needs my bank card to send and receive randomly-generated numbers. The site and the device have to match. Transaction authentication rather than user authentication (userAuth is only used once, to initiate). Nice, tho I have no idea what those little Readers cost.
They won't bother with yours, but they'll go after... oh... Gawker's servers (or, some server you have an account on), grab your pw from there and then hope you're dumb enough to have used it everywhere else. Since enough people are, attackers get something useful.
By the way, any sysadmin who lets anyone attempt 1000 guesses a second deserves horrible things.
I'm at Riga Congress Center M-W next week... I WILL see those Cat House cats!!