We have a password at each and every web site we have an account with. Each web site has their own set of rules - minimum length, use of upper and lower case/numbers/special characters, and so on. So, we end up creating different passwords at different sites.
We have passwords that are easy for us to remember, and passwords we are forced to create (which we end up forgetting anyway).
According to this study, a person has 6.5 passwords on average, and uses each password on an average of 4 sites. What that means is that if your password is hacked on web site, then your accounts on at leat 3 other sites are compromised! That number could be more if we do not have 6 or more passwords, or if we use the same password on more than 4 sites.
So, effectively, we have paswords that we cannot remember, and use the same password at different sites.
Which means that we are doomed either way - we forget passwords, or a hack in one web site results in our passwords being compromised on other web sites.
But safer alternatives are out there!