My personal password scheme is to string together a few random things. 2 or more random things I happen to be thinking about that day (often abbreviated weirdly to prevent having actual words in my password) with random special characters between them and/or at the beginning or end.
This may not be as secure as a random SHA1, but it's so random (and usually pretty long) that I think it's pretty solid.
One bad thing is that I have taken to having one password for all of my "really don't care about this" websites. Only for stuff where if it were compromised, I really wouldn't care (though I might care a little), but it's still not a great practice, and that password is weaker than my other ones.
You think it's pretty solid - but it may not be. Computers are fast these days - passwords even loosely based on real words and common substitutions can be brute-forced - so not saying your system is bad (it's probably what most of us do, more or less) - but this passwordcard idea seems equally valid - you are still free to use it however you want, and without physically obtaining it, someone would have no idea where to start. If they did physically obtain it - they'd still have to know how you used it (which is up to you) - and that's assuming you didn't add some other out of band information (which you are free to do).
This may not be as secure as a random SHA1, but it's so random (and usually pretty long) that I think it's pretty solid.
One bad thing is that I have taken to having one password for all of my "really don't care about this" websites. Only for stuff where if it were compromised, I really wouldn't care (though I might care a little), but it's still not a great practice, and that password is weaker than my other ones.