Personal Password Management

This post was written by dpx on December 23, 2008
Posted Under: Information Security, Politics

As a web technology person, I sign up for a lot of online accounts: everything from personal photo sites to online banking, security wikis to open source projects. Recently I decided my password security was not the best because I only had about 8 standard passwords I would use across all my website accounts. I based the complexity of my passwords on the danger to myself if the site were compromised. A wiki compromised in my name wouldn’t be so bad, so I’d use a medium-security password. My online banking, however, would be pretty bad if compromised and has a very secure password.

I decided to mix things up a bit and started looking for a way to make all my passwords complex and find an easy and secure way to keep track of them all. A colleague of mine recommended KeePass and it’s just what the doctor ordered. I keep my KeePass installation on a thumb drive that is encrypted with TrueCrypt and use a very secure password (> 50 characters) for both systems. KeePass allows me to group my accounts into categories so I can easily identify the accounts for which I’m looking. It also allows me to generate random secure passwords for new accounts when signing up for things.

While it is somewhat of a hassle to learn these new passwords over time, it is much more secure now that I am not using the same password across multiple sites. And if all else fails, I can open KeePass up from my thumb drive and unhide the password temporarily to remind me what it is.
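As an added illustration (not code from this post, nor from KeePass or TrueCrypt), here is a small Python script that does the two things the post relies on KeePass for: generating each new password from a cryptographically secure source, and flagging accounts that still share a password so they can be rotated. The vault below is a constructed sample, not the author's data.

```python
import math
import secrets
import string
from collections import defaultdict

# Alphabet for generated passwords: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw every character from the OS CSPRNG via secrets, never random()."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def find_reused(entries: dict) -> dict:
    """Map each password used by more than one account to those accounts."""
    by_password = defaultdict(list)
    for account, password in entries.items():
        by_password[password].append(account)
    return {pw: sorted(accts) for pw, accts in by_password.items() if len(accts) > 1}

def rotate_reused(entries: dict, length: int = 20) -> dict:
    """Copy of entries in which every shared password is replaced by a fresh one."""
    shared = set(find_reused(entries))
    rotated = dict(entries)
    for account, password in entries.items():
        if password in shared:
            rotated[account] = generate_password(length)
    return rotated

# Constructed sample vault, keyed "category/account" like the post's groupings.
SAMPLE_VAULT = {
    "banking/example-bank": "Xp9!v#LqR2$tWz&7",
    "wiki/security-wiki": "medium-secret-1",
    "wiki/project-wiki": "medium-secret-1",
    "photos/photo-site": "medium-secret-1",
    "oss/bug-tracker": "hunter2",
    "oss/mailing-list": "hunter2",
}

if __name__ == "__main__":
    for pw, accounts in find_reused(SAMPLE_VAULT).items():
        print(f"{len(accounts)} accounts share one password: {', '.join(accounts)}")
    print(f"{entropy_bits(50, len(ALPHABET)):.0f} bits for a 50-char random password")
```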

I recommend this for everyone as it’s much more secure than the typical sticky note under the keyboard trick, or allowing your browser to store your passwords (I still do this for the less security-sensitive sites, but not for online banking). Better still, it would take a really long time to crack the encryption set on my thumb drive (and then the second level of security with KeePass itself). If I ever lose my thumb drive or it gets stolen, I will have ample time to reset all my passwords. I of course keep a backup copy of my KeePass database, but I’m not telling you where! ;-)

Best of all, both KeePass and TrueCrypt are open source projects, so anyone can download and look through the source code. In general, this makes them both more secure because more people can find and fix flaws in the design. They also both use the latest in encryption technology to ensure that your information is as secure as possible.

Reader Comments

I couldn’t agree more that KeePass is an invaluable tool. I use it where I work, as we have umpteen different systems, service applications, etc. that we have to keep up with – all of which have different passwords. What’s better is that KeePass has clients for all platforms (Linux, Windows, and MacOS), all of which will open the same KeePass database file created by any of the versions.

#1 Written By neraath on December 27th, 2008 @ 2:57 AM

#2 Written By neraath on January 13th, 2009 @ 10:35 PM
