Concur: I use 1password and lastpass. There are a couple of critical accounts that are actually wrong in each (non-overlapping) and a couple I still only have in my head, but overall it's a huge plus on a day-to-day basis. And it's an incredible relief to read these announcements, pull up my password for that site, and see it's 20 random characters that I know aren't useful on any other site.
Yeah, my three internet banking passwords are in my head only, as are my two dns registrar accounts - they're all 5-6 word passphrases (with non grammatical capitalisation and punctuation) for memorability. The email account that all those accounts send password resets too is two factor authenticated and not used (or published) anywhere else. (I've got hints about these phrases stored in 1Password, but not the passphrases themselves.)
Everything else is 16char upper/lower/digits/punctuation randomly generated by 1Password (except where I need t back that down for sites/services that wont accept that length/charset).
I've also got my random 16char AppleID password in my head, since I end up entering that often enough into place 1Password can't autofill.
I _think_ that's "paranoid enough" at least for now.
One thing I'd like 1Password to do, is bug me about passwords that haven't been changed in some (configurable per login) time. I'm pretty sure in 2 years (or less) I'm unlikely to consider 16char passwords "long enough".
