For about a year and a half I've been using a simple trick that I learned from a friend of mine who is very good at using exploits to enter company websites and find security leaks. He was also very, very cautious about security and pretty much didn't trust any software to manage his credentials (not even a notepad or sticky notes).
So his method is: for every domain use a separate password which you can simply generate in your head every time you need to log in. For example by the formula f(domain_name)
1. Can it be easily reverse engineered if somebody gets their hands on 2 of your passwords?
2. Use a different formula for banking and other highly secure sites.
The above formula fails the 1st test, but it's easy to tweak. Here's another formula:
first 4 letters => the 4 letters to the right of the first letter of the domain name on a qwerty keyboard, wrapping as necessary.
the number "3"
last 4 letters => the 4 letters to the right of the third letter of the domain name.
So for google the password would be:
hjkl3pqwe
ycombinator would be:
uiop3pqwe
et cetera.
Make sure you have a number in your formula, so you don't get thrown by sites that require a number.
P.S. the formula I use is much different from that described. :)
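The QWERTY-shift formula from the comment above, written out as a script so the two worked passwords can be checked, next to a keyed derivation that answers the "two leaked passwords" test from earlier in the thread. This is an added example, not code from any poster; the HMAC-based `keyed_formula`, its master secret, and the 16-character output length are my assumptions, not part of the scheme described here.

```python
import hmac
import hashlib
import string

# The three letter rows of a US QWERTY keyboard, used for the "letters to the
# right of" rule. Wrapping is done per row, as the comment describes.
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def right_of(ch: str, count: int = 4) -> str:
    """Return `count` letters to the right of `ch` on its QWERTY row, wrapping."""
    ch = ch.lower()
    for row in QWERTY_ROWS:
        if ch in row:
            i = row.index(ch)
            return "".join(row[(i + k) % len(row)] for k in range(1, count + 1))
    raise ValueError(f"{ch!r} is not a letter on a QWERTY row")


def qwerty_formula(site_name: str) -> str:
    """The poster's scheme: 4 letters right of the 1st letter, then '3',
    then 4 letters right of the 3rd letter. Takes the bare site name
    ("google", "ycombinator") exactly as the comment does."""
    name = "".join(c for c in site_name.lower() if c.isalpha())
    if len(name) < 3:
        raise ValueError("site name needs at least three letters")
    return right_of(name[0]) + "3" + right_of(name[2])


def keyed_formula(master_secret: bytes, site_name: str, length: int = 16) -> str:
    """Assumed alternative (my addition): HMAC-SHA256(master_secret, site_name)
    mapped onto letters and digits. The site-specific output still differs per
    domain, but without the master secret two known passwords give no foothold
    for computing a third, which is the weakness of a keyless formula.
    The per-byte modulo introduces a slight bias; fine for illustration."""
    digest = hmac.new(master_secret, site_name.lower().encode(), hashlib.sha256).digest()
    alphabet = string.ascii_letters + string.digits
    return "".join(alphabet[b % len(alphabet)] for b in digest[:length])


if __name__ == "__main__":
    for site in ("google", "ycombinator"):
        print(f"{site:12} keyless: {qwerty_formula(site)}  "
              f"keyed: {keyed_formula(b'example-master-secret', site)}")
```

`qwerty_formula` reproduces the comment's two examples ("hjkl3pqwe" and "uiop3pqwe") from nothing but the site name, which is the point of the first test in the thread: the scheme, once known, is the whole secret. `keyed_formula` keeps the "one password per domain, regenerated on demand" property while moving the secret into a key that never appears in any site's password.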
Yes, they could, if you use something that simple, AND they know you are using such a scheme. I used that just as an example. In reality you'd use something a little bit more complicated, raising the bar for them by a considerable amount.
Ex:
f(domain_name) = "abc"+first_and_third_letters(domain_name)+"123";
f(google) = "abcgo123"
This way if one site you use is hacked and your password stolen, they can't get to any other of your data online.