On Sat, Jun 9, 2012 at 10:52 AM, <joseph.snyder@gmail.com> wrote:
My biggest problem still is the multiple computer issue. I am on at least 3-5 physical computers and 1-20 virtual machines, and 2 cellphones a day. I honestly do not want to store a database of passwords encrypted or not on an open service.
Security is all about trade-offs. In this case it's the trade-off between storing an encrypted password database on a 3rd party server, vs. re-using passwords and having (potentially) weaker passwords as a result of not doing so.

Personally I use KeePass, with the database stored on a cloud-synced directory. Decrypting the KeePass database requires both a password AND a key file, which is NOT synced to the cloud.

IMHO this gives the best of both worlds - easy syncing between multiple computers and the ability to use unique, very strong passwords with all websites. But also very strong security in the case that the KeePass database is somehow compromised from the cloud service, as both the password and key file would be required to decrypt.

Scott