There is a lot of advice about passwords and security on the web, but no one system is perfect for everyone because everyone has different needs and risk profiles. This is my system, and it works great for my situation. Some friends have asked about it, so I'm sharing this Instructable. Even if your goals don't quite match mine, you may find some useful techniques, so read on...
I'm assuming you already understand something about passwords, like the fact that "12345" and anything in the English dictionary are terrible choices for a password. I don't delve much further into cryptography or security theory, because it would take too long, it would be distracting, and mostly because I'm not an expert in that field (hopefully you will see that as a plus, since otherwise I would spend the whole time scaring you).
The basic problem with passwords is that if you have enough strong passwords to have adequate security for all your different web sites and other situations, then it is difficult to remember them all. Solutions like writing them down or storing them in a spreadsheet solve that problem while introducing a host of other risks. In addition to the obvious security holes, keeping that information up to date can be a bother.
Now that I have a family, I've realized there are other needs too. I handle most of the family finances, but if I am hit by a bus, whether I survive or not, how will my wife figure out all the stuff needed to take over? Less important but more common, if my wife gets a new frequent flier number and password, is there a good way to share it so that either of us can access it when needed?
If my laptop is stolen, or my house is burglarized, am I going to have to change all of my passwords? If you are starting to catch my drift, you can see that the first step is to think about your risks. While most people are affected by the same risks (burglary, malware, injury, stupid mistakes, natural disasters), some situations may be more important to you than others, so it's still worthwhile to give some thought to your specific concerns.
Most of this is not terribly new; many people already use a password database stored on the cloud, but I haven't seen much written on how to share it securely. Even if you don't need to share your passwords with a family, you will probably still find some or all of this system to be useful.
Step 1: Assessing Risks and Threats
I consider "risks" and "threats" to be more or less synonyms in this context, but some people approach this problem from only one side. For example, some people carry all their passwords on an encrypted USB stick on their keychain. That's great to prevent data theft, but what happens when you accidentally flush your keys down the toilet, like I did a couple of years ago?
OK, so you keep a backup. What happens if your house catches fire, and you leave your keys and your backup drive behind? Yes, you should be storing the data in the cloud too. The point is that you need to consider all of these before you can be satisfied that your system is adequate protection from whatever life throws at you, whether it is malicious or accidental.
Design goals (driven by my assessment of risks and threats)
* Use secure passwords where needed and use separate ones for each financial site
* Don't have so many passwords that I forget some of them
* Share access for convenience
* Share access in case I am incapacitated
* Don't compromise security if my laptop is stolen
* Don't lose access if my laptop is stolen
* Keep it simple enough that my wife will use it too
I can't stress the last one too much. If the system is too frustrating it will be abandoned, and that's another risk.
Threats I gave up on
Security is a hard problem. If someone takes control of your email, they will probably be able to reset many of your passwords and take control. This system can help, but does not do anything extraordinary to protect your email, especially if you cache your email password in your browser.
Many Windows computers have already been compromised and could be logging your keystrokes or intercepting your web data. I think this system is way better than most other forms of protection, but it's impossible to be totally secure unless you throw your computer in a lake and go hide in a cave (and that will bring its own set of problems).
In most situations, better security comes at the expense of ease-of-use. One of the nice things about this system is that most of the complexity is in the setup. Once you get through all that, with the help of this Instructable, your system will be both reasonably secure and reasonably easy to use.