Also, I never use the same username AND password. However, I do reuse both, but not at the same time. Yeah, it is a downside to memorizing the password, but I don't want to write it down, and keeping an encrypted store adds complication and possible vulnerabilities beyond my control.

How do you keep track of > a couple dozen combinations.

even with consolidating down bank accounts I still have 3-4 banks, then the utilities to log in and see what is due, then the wife's school loan. Then various places I've made purchases (amazon, etc), forums (LQ, etc). Its just too many.

I get them mixed up all the time. I can remember the passwords, but not which computers / volumes / sites they are for. So I have this mapped in an encrypted plain text file. Previosly it was a bunch of post-it notes hidden under the box of post-it notes next to the keyboard.

metaschima, I changed my GitHub password yesterday, and it does not contain [A-Z]. Could be that your password is rejected because it's considered weak for some other reason. Put some !"#¤%&/()=?-_ into it.

It's probably because it doesn't contain any lower case characters.

How do you decrypt the plain text ? If the data ever hits the disk then the encryption is useless. A more common problem is that the decrypted file stays in RAM and can be sniffed.

Personally, I dislike putting all my eggs in one basket. I don't keep my passwords in one place, I don't write them down, and I don't use the same username password combination.

I have mine separated now, bank accounts and such are in the spreadsheet, wen sites in firefox. I plan to keep separate anyway, be it two back end files for keepass or whatever.

The only passwords I have in keepassX are for sites like banking, paypal and shopping as these are 20 characters long.

Sites that do not have my financial or personal information, I just use 8 to 10 characters which I have memorized and on a usb stick.

Anyway, lots of great replies from everyone here.

EncFS.

The average thief can not retrieve it and SÄPO (the Swedish stasi) can get into my accounts by other means.

Basically your doing data classification. I've done similar. I have a small truecrypt volume that gets synced to all my devices which has all my most sensitive data such as the spreadsheet with the bank account user/password/account numbers, scans of birth certificates, social security cards, etc.

The rest are less sensitive such as forum passwords and are just stored in Firefox (which I need to move away from since it will no longer sync).

FWIW I just "unclassified" one document, my personal net worth. It didn't have account numbers or passwords, just total balances, so someone pocketing my phone/laptop doesn't get anything useful, in fact maybe when they see how low my net worth is they will feel bad and give it back

yes, but...
crypto is done on the client and only hashes are sent to the servers at lastpass.

So how does it work if/when their servers are down, sounds like a cloud based from their description.

Hi enine

Not sure if you are aware of this but trucrypt had shutdown the project due to it's insecurity. Some articles recommend using Gnome Encfs Manager or zuluCrypt as replacements. Both can create encrypted volumes via a file and a block device.

Insofar as possible, you should arrange things (at least, in your own house ...) so that you minimize the need to use "passwords" altogether.

Beyond that, just keep them in a keychain. I happen to use "PasswdSafe," but I doubt that it really matters.

In muh brainz, yo.

Yes, I know its been shutdown, but there are several other programs which can use a truecrypt container.
Remember they said may be insecure, thats the key. Any software may be insecure as you never know if there are vulnerabilities that have yet to be found. I just say truerypt since thats the origination of my encrypted volume. I'm using EDS on my phone and tablet for example.