If you follow recommended practices you should have a strong and unique password on every single website (or service) you visit or use, so that access to the rest of the other services is limited if one of your password is guessed or captured in some way . While this all very well, it’s quite hard to do in practice.
We are either lazy and tend to repeat same passwords all over again in different websites or we just try to use variations of a few passwords so that we can keep them in our memory . I confess I have been using this method with the not so important websites that I use, reserving some strong password (and memorizing them) for some of the most important websites. I have even written about different ways in which you can have a strong password based on a pattern and some specific bits of information.
Up until a few months ago I was using this method but then I became more security concious and started using a password manager to store all my passwords, having updated the passwords on most of the websites I use. The way a password manager works is by storing all your passwords on an encrypted database file on disk so you can access all of them if you provide the master password. Thus, this master password needs to be strong enough. Now, this is all very well, but it’s useless if you keep your database at home and you are on the move or at work, etc.
So, what I’ve found useful is that keeping my encrypted file in a private folder on Dropbox works best, as that means that I can have that file everywhere on my computers giving me the flexibility of accessing it anywhere. You can even choose a password manager that works in all major operating systems so you are not limited by OS.
And before you tell me that this could be insecure if there are key loggers in action or any other kind of compromised system, yes, there’s a risk of handing in all your passwords. but, well, you need to find a compromise between being totally paranoid and keeping your passwords in a fire-proof safe and having all the websites sharing the same password :-). I’m a bit paranoid, so I don’t store really important passwords there, like my Gmail accounts, bank accounts, etc. Your mileage may vary, so use with caution.
If you have any other suggestions, please let me know as I’m interested in other ways in which you guys have solved this problem, if solved at all ;-)