change your passwords regularly
Great ideas but then you have sites - notably when dealing with the US government - that require that you change your password every 60 days and require that your new password is not the same as any of the "n" passwords used previously.
So naturally everyone writes the passwords down on a sheet of paper under the keyboard.