Easier said than done...
A lot of sites don't allow special characters, others don't discriminate between lower and upper case (WoW, I'm looking at you...), so often the user has to accept a lower level of password security than they would like.
I'm a wee bit in the middle for security - I don't allow my browser to store passwords for what I think of as sensitive sites (and I don't use web based banking at all), I use different passwords for different sites, but I have to confess that I don't change them often enough.
OTOH, if anyone wants to hack my mail, all they'll find is how dull my life really is, and if I did have my bank account compromised they'd be the lucky recipients of 3 groats 2 shillings and thruppence ha'penny - I'm lucky in a way, what you don't have, can't be taken...