Passwords are like backups – of course you know you should do something about them, but usually it takes a disaster to actually see some action. The recent OpenSSL / Heartbleed disaster (or, to be more specific, the 20-plus “please change your password” emails coming in as a result) was the final push for me to come up with a password management strategy.
For me the solution is KeePassX. KeePassX is available on Windows, Linux and Mac as an installer or a portable version. For Android, there is a compatible app called KeePassDroid. The (strongly encrypted) password file is synchronized between the different devices using Dropbox, so it can also be accessed offline if necessary.
For each online account I use a different, randomly generated 160-bit password; the password store itself is secured by a similarly strong password created according to the following guidelines:
The advantages are obvious: only ONE password to remember, and it is not reused anywhere else, so if that old Yahoo account is hacked I don’t have to change a gazillion other accounts where I used the same password. And through the Android app I have access to my passwords and data on my phone, no matter where I am, which makes the solution really quite convenient.
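To make the “160-bit password” figure concrete, here is an added example (my own illustration, not code from KeePassX or from the original post) that works out how many characters a password drawn uniformly from a given alphabet needs in order to carry at least 160 bits of entropy, and generates one with the operating system’s CSPRNG via Python’s `secrets` module. The 94-character printable-ASCII alphabet is an assumption for the example; a password generator in a manager such as KeePassX lets you pick the character set, and the length required changes with it.

```python
import math
import secrets
import string

# Alphabet assumed for this example: upper/lower case letters, digits and
# ASCII punctuation, 94 distinct symbols in total.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def length_for_entropy(bits: int, alphabet_size: int = len(ALPHABET)) -> int:
    """Smallest length L such that alphabet_size ** L >= 2 ** bits.

    Uses exact integer arithmetic so rounding in log2() cannot undercount.
    """
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    length = 0
    while alphabet_size ** length < 2 ** bits:
        length += 1
    return length


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def generate_password(bits: int = 160, alphabet: str = ALPHABET) -> str:
    """Generate a password with at least `bits` bits of entropy.

    secrets.choice() draws from the OS CSPRNG; random.choice() would not be
    suitable here because the Mersenne Twister is predictable.
    """
    length = length_for_entropy(bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for name, alphabet in (
        ("printable ASCII", ALPHABET),
        ("alphanumeric", string.ascii_letters + string.digits),
        ("lowercase only", string.ascii_lowercase),
    ):
        n = length_for_entropy(160, len(alphabet))
        print(f"{name:16s} {len(alphabet):3d} symbols -> {n:2d} chars "
              f"({entropy_bits(n, len(alphabet)):.1f} bits)")
    print("example:", generate_password(160))
```

The point of the table the script prints is that “160 bits” is a property of the generation process (uniform choice from a known alphabet, using a cryptographic source of randomness), not of how the password looks: the same entropy needs 25 characters from printable ASCII but 35 from lowercase letters alone.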
In fact, if I had known beforehand how little effort this is, I would have done it much earlier.