
I think we all need to accept that once we've given a password to a website it's compromised. It does not matter how they protect it - it's no longer safe. If someone has walked into their website and taken our information, it doesn't matter which hashing scheme they've used. It's no longer important. Assume that any password you ever give out is gone. Be prepared to change your password / key on a site at any time. Mine are 26 character keys I don't know and will change as required (or leave a service that loses them).


So where and how do you store these passwords which you don't know?


1Password for me. You can choose whatever you want though. Write them on a piece of paper you keep in your pocket if that works for you. Whatever you do, don't reuse them between services. It's just a matter of time before someone loses them and all your accounts are wide open.

In an ideal world we wouldn't use passwords anymore. But right now we have no choice so we have to do whatever we can to mitigate our eventual compromised accounts.


1Password here too. Previously used LastPass, and for me, 1Password is so much better.


Using a password manager like 1Password.


KeePass



