perils of a password

Until recently, I had a method of creating passwords for different websites: one for accounts that have sensitive financial information: banks, credit cards etc, one for websites with my credit card information, address information, one for my Gmail account, one for my Yahoo account and one for accounts with no sensitive information. Now the stupid thing that I used to do was this: many websites use my email address as the login handle. To keep things simple, I used the same password as the email account for the website as well. E.g: accounts with my gmail Id had the same password as my Gmail account. (I felt so stupid when I realized what I'd been doing all these years.) The fundamental issue here is that I put this information in the hands of third-party people, who I don't necessarily trust to the same degree as I trust Google. Gmail login initially was just for an email service. Now the same ID is used for all Google services including Checkout, AdSense , etc which contain sensitive information.

Since this realization, I've revamped my password strategy: different passwords for different accounts, except for those without sensitive information. I'm prepared for the additional headache of millions of passwords. But I've definitely become paranoid.

Time to rethink the login-password paradigm? biometrics?