This article (Protect passwords? Not if latte is free) was passed on to me from a colleague who also saw the irony in this. I would say that we're 3 years too late in making 2-factor auth a base part of computing. This makes identity theft almost too easy... fish in a barrel.
What do you do to keep your passwords secure? Use the same one everywhere? Write them down? Keep them in your cell phone? None of these are great options.
The alternative is a something that you need to carry around. Any ideas on what could work? Iris and fingerprint scanners still aren't reliable enough (in the home market). Smartcards would work, as would token generators such as those sold by RSA and others. But equally important is who the issuer is. Because I don't want 20 fobs hanging off of my keychain, I want one or two to cover every site that I visit.