we use Password Manager Pro (PMP) at work, while everyone raves about it I find it rather stupid. You spend time creating all these unique passwords and saving them in a single location but then it uses your windows account/login to access them. So, once you have access to someone's login details which are pretty easy to get you've then got access to everything.
two factor is the best way and strong passwords, it's just remembering/storing those passwords that isn't safe.