I use LastPass, with a Yubikey as 2ndry authentication.
Printable View
I use LastPass, with a Yubikey as 2ndry authentication.
I use my brain - for every on-line password I use a simple three part password where one part is standard (and alphanumeric capital/lower case) and the other two parts are worked out using a couple of rules applied to the website URL in question. That way I can remember all passwords without too much effort, and all my passwords are different and sufficiently complex.
1Password is a good one and you can sync from multiple platforms.
I used LastPAss for some times, it is great.
The key to this is use a strong password.
It's better to use a very strong password that you change rarely rather than a weaker one that you change more often.
Password strength checker:
http://www.passfault.com/
This should go without saying but it's probably not a good idea to check your real password...
According to www.passfault.com a password analogous to my current password would take a Governmental body 200 million years to crack.
Lastpass + Yubikey + Air GAP
+1 for Lastpass here, get someone to recommend you and you both get a free month of premium btw.
As so many other, I too can recommend KeePass. A great tool. I've yet to try out Lastpass, but I know plenty of people being quite fond of it.
Another KeePass recommend here.
+1 for Lastpass, I have been using for ages, cannot get any better than this :)
+1 for Keepass, freeware and frequently updated.
Keepass stored on Dropbox/Google drive. (dont leave it open when you're done there is a tiny chance of corruption)
You can get Keepass add-ons for firefox and the like. I prefer it as its offline and open source.
I recommend KeePass - cross platform support, actively maintained, mature Android app (KeePass2Android), syncs fine through Dropbox, configurable authentication - you can for example use a keyfile or Yubikey in addition to a strong password.
Earlier versions of KeePass2Android would occasionally not pick up the latest database from Dropbox, so if I updated the database KP2A would then notice a conflict and save a copy so no data was lost. It's easy to reconcile the databases by using the Synchronize database command in KP (on either desktop or mobile), but since KP2A was updated a while back to check the remote database for updates, I've not had any problems since with sync conflicts when using KP simultaneously across several different devices.
Interested to see RobbieRoy's suggestion - I used a similar scheme before, but kept on being confounded by some websites enforcing stupid complexity/length rules that broke the scheme. There were also the occasional place that either had password aging (forcing you to change to a new password every so often, like logging into a workplace PC), and others that had some problem with their own security and forced a new password to be chosen - this would also break the scheme.
A clever password design scheme doesn't help for sites that use additional authentication factors (PINs, memorable words, dates etc.) and also doesn't cover password recovery data either, whereas password managers take the hassle out of creating sufficiently secure passwords, and also enable storage of other private information, such as identity cards, customer numbers etc.
Indeed you should use strong passwords wherever you can - not all sites do, and sadly few have struck a good balance of adequate security with adequate usability. We have no control over (and usually no insight into) how companies handle and store our passwords. While industry best practice is to store passwords in a way that cannot be decrypted at all (i.e. hashing type functions) there are many players who don't do this, and where the password database is leaked, strong passwords are of no help whatsoever.
Password managers help by letting you treat the passwords you set up with each company as separate and disposable keys - a compromise of any company you deal with won't put at risk your accounts with anyone else.
I would vote for Keepass if you are looking for an offline password manager. It simple, secure and does a good job .