KeePassX - A cross-platform encrypted password safe

I have a separate username and password for every single site I visit. I do this because I own numerous domains from which I allocate a site specific email address which in turn allows me to track which website leaked or sold my email when I get a spam. Even if I didn't do this, I would still need some kind of system to keep track of the million different usernames that I've had to come up with because of my normal name being taken, or some length restriction.

To keep track of all these, I use a password safe program. KeePassX is my favourite because the program is cross-platform and so are the data files. I send the safe files between windows and linux computers and can use them without modification on both. The password I use to secure the safe is ridiculously long and made up of non-dictionary words containing both numbers and symbols. Since it's the only password I have to remember, I can type it incredibly fast.

There is a downside to keeping all your passwords in the same basket though - if you password safe is compromised, then everything is compromised. It is however, considerably harder to compromise than using the same username and password for every site!

To counter this, I do not keep my financial username and password combinations in the same safe file. I have one file for work related things which I need to periodically send to work so they can have a copy of them. One for all of my personal websites I don't really care about, and one for my financial dealings. Just to keep it even more safe beyond that, I still remember parts of some of the passwords and don't have them entirely stored. If someone gets the file and my password, they still need the data that is in my head to be able to log in.

Another thing to remember is that the password safe is only as secure as the computer you are running it on. If you're using your normal Windows XP browsing machine running Internet Exploiter 6 to also access your Net Banking, then you're up a creek anyway. It will more than likely have some kind of malware installed on it which is setup specifically to capture username and password combinations, and maybe even your entire password safe. There are USB boot sticks and boot CD's available that will run a completely different operating system - essentially quarantining your activities from the malware. Or just get your friendly local IT doobie to setup a dual boot with a newer OS.

Installing KeePassX on Ubuntu is pretty easy. All you have to do is add the repository to the sources list, or a file like /etc/apt/source.list.d/keepassx.list
deb http://ppa.launchpad.net/keepassx/ppa/ubuntu lucid main
You will need to replace lucid with whatever version you are using.

On windows, there's a normal installer available.