The only problem I have with the concept of an "Internet Drivers' License", as you put it, is only half-covered by the centralization of risk. I understand that it means less attack points for the same password, which is better than twenty different options for a hacker to determine the thing. However, a successful attack on the site you login from does more than grant access to other sites you visit. Like a fake Drivers' License in the real world, it can be used for access in your name to other sites you never visit as well as the ones you do, allowing criminals everything from easy defamation to - if your payment credentials are accessible from the login site - use of your money to buy just about anything from anywhere that accepts the login information. It's sad, but for true security, you need a unique password for every site you visit that requires one. And, yes, that requires a level of memorization beyond the capabilities of most persons. My best recommendation is a highly self-critical evaluation of risk, determining what you are willing to live with and should (someone had five tiers of password security above, for example), and implement that as best as possible. In the case of areas where low-security is fine, a common login site may be a good idea, so long as that login does not link to any payment information whatsoever. For anything involving money, use a unique password to that site and, if plausible, refuse to store payment data with the site. If you must store payment data, make sure you trust that site with your life (because you are), and use the strongest password that site will allow. If that site doesn't allow strong passwords, don't trust it with your life.