Password manager strategy - USB stick, or?

metropole

I am trying to improve my current password safekeeping strategy.
I am not a fan of encrypted files on the PC or in the cloud.
So, I concluded that a USB stick with some encryption might be best. Some models I found:
- Eikon To Go USB Fingerprint Reader
- Integral® 8GB Crypto Drive - FIPS 197 Encrypted USB
- Corsair 16 GB Padlock 2 USB 2.0 Flash Drive CMFPLA16GB
- Apricorn Aegis Secure Key FIPS Validated 4 GB USB 2.0 256-bit AES-CBC Encrypted Flash Drive ASK-256-4GB
- Kingston 16 GB Digital Data Traveler Locker


I want to make sure that the stick would work with no client installation.

Any advice?
 
The system I use makes use of passphrases. I have a base phrase such as "When pigs fly at". I append the domain of whatever site I am making an account for to the end of the base phrase.

When pigs fly at Google.
When pigs fly at Facebook.
When pigs fly at Ebay.

This allows me to have unique and insanely strong passwords without writing them down anywhere. The only flaw with the system is that not all sites accept passphrases. I tend not to use them because it's not hard to and we should fight that dogma.
 
I use lastpass.com which syncs your encrypted password database with lastpass.com's servers. Very handy with multiple devices and computers.
 
I think KeePass on a USB stick is a much better solution than LastPass. Unless you want all your passwords in the cloud.
 
I use KeePass with the DB file on my Synology NAS. The DB file requires a password and a keyfile to decrypt/open.

I use the KeePass Windows/Linux client on PCs with the SFTP plugin to log into my NAS on my work PC. And I use MiniKeePass to view a locally saved copy of the DB on my iPad and iPhone. I found that MiniKeePass is the least terrible KeePass client for iOS.

All my passwords are complete gibberish. I can't remember one even if I tried.

I don't know if I would trust all my passwords on a single memory stick. Even if it was a good one. As it stands now, I'd like to think my password DB and other data are pretty secure. My NAS runs 2 drives in RAID 1, but it backs up to a local USB backup and also to a second NAS at my parents' house every night.
 
The system I use makes use of passphrases. I have a base phrase such as "When pigs fly at". I append the domain of whatever site I am making an account for to the end of the base phrase.

When pigs fly at Google.
When pigs fly at Facebook.
When pigs fly at Ebay.

This allows me to have unique and insanely strong passwords without writing them down anywhere. The only flaw with the system is that not all sites accept passphrases. I tend not to use them because it's not hard to and we should fight that dogma.

Also, once one is figured out, it wouldn't take long to find other accounts and access them...
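
An added example, not part of any post in this thread: a small audit of your own password list for the weakness raised in the last reply, where a password is a fixed phrase plus the site name and one leak exposes the rest. The function names and the sample data are hypothetical and constructed for illustration.

```python
import re

def stem(site, password):
    """Return the password with the site name replaced by a placeholder,
    or None if the site name does not appear in it (case-insensitive)."""
    pattern = re.compile(re.escape(site), re.IGNORECASE)
    if not pattern.search(password):
        return None
    return pattern.sub("{site}", password).lower()

def shared_templates(accounts):
    """Group sites by the template left once the site name is removed.
    Only templates shared by two or more sites are returned."""
    groups = {}
    for site, password in accounts.items():
        template = stem(site, password)
        if template is not None:
            groups.setdefault(template, []).append(site)
    return {t: sorted(s) for t, s in groups.items() if len(s) > 1}

def exposed_by(leaked_site, accounts):
    """Sites whose password follows the same template as leaked_site's,
    i.e. the accounts to rotate first if that one password leaks."""
    template = stem(leaked_site, accounts[leaked_site])
    if template is None:
        return []
    return sorted(site for site, password in accounts.items()
                  if site != leaked_site and stem(site, password) == template)

# Constructed sample: the three passphrases quoted in the thread plus one
# randomly generated password of the kind a password manager produces.
SAMPLE = {
    "Google": "When pigs fly at Google.",
    "Facebook": "When pigs fly at Facebook.",
    "Ebay": "When pigs fly at Ebay.",
    "Bank": "q7#Lw2!vRz9p",
}

if __name__ == "__main__":
    print(shared_templates(SAMPLE))
    print(exposed_by("Ebay", SAMPLE))
    print(exposed_by("Bank", SAMPLE))
```

The random password matches no template, so a leak of it exposes no other account in the list.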
 