It obviously depends on the scenario, but there are many reasons to go with an enterprise-class password management product (i.e. shared accounts, service accounts, etc.). This is an example of a product (there are many others) that does auditing, check-in/out, integrates with RSA for two-factor authentication, and so on: http://www.manageengine.com/products/passwordmanagerpro/index.html

Personally, I use 1Password on my iPhone, iPad, and desktop. As long as you're getting your software from a reputable company, you should be fine. There will always be exceptions, and even a trusted company may have a rogue employee slip some extra code in. It's up to you to make that determination based on your risk appetite. If you're not comfortable with a commercial product, you can get by with a spreadsheet in a TrueCrypt archive. If you're extremely paranoid, use open-source password managers and review each line of code, or write your own

For me it comes down to a basic risk decision once you can get your brain past the psychology of risk (Our brains are fundamentally flawed when it comes to calculating risk).

Online password manager like lastpass which on the surface sounds like a really bad idea

Impact is high for compromise since they have all my credentials mitigated somewhat by their use of encryption. I also use a robust 2 factor auth with the service so credential harvesting attacks for my lastpass account would be somewhat ineffective.

Likelihood is fairly low given their effective security posture and excellent incident response


vs

Password reuse for all sites


impact is very high since a single compromise means all my sites are compromised

Likelihood is very high since any one of the sites I frequent can lead to compromise.

vs

Use different password for each site and manage myself in Truecrypt protected datafile

Definitely the most secure option, but yeah that's too much work especially given the wide variety of platforms I utilize. Lastpass works on every platform I commonly use.  Afterall, I'm a user too. Guess which option I choose? Is it perfect? No, but I think it's the best combination of security + usability.

I think we could probably diverge the discussion on how usable security solutions that are technically less secure are in actuality more secure than the more rigorous and less usable counterparts because users will comply and not seek to subvert the controls due to complexity or inconvenience. Generally speaking of course, swiss cheese is still swiss cheese.

BTW I'm not advocating this for enterprise usage, I still think an internally managed product like Cyber-Ark or something similar is a good fit but that's out of my personal budget. For $12/year, Last Pass Premium service fits the bill nicely for my personal stuff.