There are two slightly overlapping ways to actually solve this problem: 1. Use a password manager. 2. Have the tools, knowledge, capability, and willingness to use secure passphrases.
One other way. Websites could hash and salt the users password client side, then proceed as usual (SSL and hash it server side). Means the users password is effectively a long, secure passphrase and is unique. What do you think?
