Which becomes a problem if sites don't allow passwords larger than 10 to 15 chars (as if they couldn't make a MD5/SHA1 out of it...) :(
Or sites that force you to have a password between a short range of characters (6-10? Really?), or sites that don't allow special characters, or sites that only allow alpha-numberic. I have no clue why some sites force you to use less secure passwords, but it drives me insane. Password management on the web is in a terrible state.
OpenID isn't without it's share of security issues, but I think it at least solves the password issue; I can't wait until I can use my gmail OpenID everywhere ;).
V/r,
Ryan Lane