I use unique-to-each-account randomly generated passwords, 2-factor authentication, etc., to protect my online accounts. Of course, such a system cannot possibly be merely remembered (at least not by me).
However, it seems to me to be a bad idea to keep all of those passwords in online storage somewhere or controlled by some app under the "We promise you we are secure" notion.
So, I keep all of my passwords in a spreadsheet, protected by a password, and then encrypted using a non-Windows-based encryption algorithm (AES-256), and THEN stored on the cloud. The entire protection process is under my control and not dependent on the promises of others.
I know that is far too inconvenient for most people, through.