Roger Grimes at InfoWorld's Security Central wrote a very good article about password management. I agree with everything he said, except Roger did not go far enough. For several of Roger's attack types password guessing, keystroke logging, and hash cracking, one of the mitigation techniques is strong (high entropy) passwords.
True enough. However, I am convinced that it's simply not possible to memorize really strong (high entropy) passwords.
I wrote about this earlier and included a link to a review of password managers.