I use Lastpass, with a very strong master password. This of course relies on you ensuring your systems are kept secure, and frequent changing of the master password, but it works wonderfully.
Plus it means every login for every site has its own unique and randomly generated password, ensuring that no two logins are compromised should a website get hacked and your password be revealed in plain text to the hackers breaching it.
It's probably overkill but I change the master password every 7 days, using a seriously long randomly generated, then modified password with special characters, upper and lower case letters and numbers. In the case of LinkedIn I had my password changed in a couple of seconds, and the risk went away.
Its worth considering as a viable option for password management. I don't use it on my phone's though, as the security risk is increased. I keep the master password written down though, in case of theft of my hardware or something.
Websites really should be securing passwords as high as possible, with hashes and salts, but as these attacks often prove, this isn't the case. It is up to the individual person to ensure their passwords are strong and secure. People need educating on this, as time and time again we see people using stupidly weak and easily guessed passwords.
The user needs to reduce the security risk as much as possible, they shouldn't rely on any entity or website to do that for them. It just leads to problems further down the line.
Another point is email accounts. Once a hacker has the login details its almost game over, as passwords for other services can just be "reset" by the hacker using your own email account. For this reason it's extremely important to enable multiple layers of security to prevent access to others by brute force.
The problem is education of internet users, well the lack of it. That's what needs to change!