Just yesterday I received a notification from Facebook that my account had been accessed from a suspicious location and was locked as a security precaution. I had no idea how this could have happened, but I did have the same email address + password for Steam and Facebook. Hardly proof, but certainly a plausible theory.
http://keepass.info/ - It is easy to have unique, complex passwords for each and every service. And with Dropbox (or kin) you can sync to iPhone, Android, Mac, Linux or Windows. Plus plugins for browsers to make easier.
I use splashid. Not free but it works and they have an iPhone version. I also believe an older version of keepass was ported to Mac with the name KeePassX.
Salting a password doesn't make it uncrackable, it just makes it impervious to rainbow tables and other parallel attacks because it forces the attacker to recalculate the hash for every guess for every user account. You can certainly still run a mangled dictionary attack on a salted database, it will just take a lot longer.