KeePass - Helps Quarantine Password Compromises

It's well known that you can't really trust any website or service to keep your password secure, whether it's failing to salt password hashes (LinkedIn) or storing passwords in the database as plain text (Sony), etc.

So the key thing that will help keep you secure is having a different password for everything, even to the extent that you don't know what they are yourself. Of course one-time keys are great too, but they are not always available.

Here are the tools that I use to help with this:

I set up a password key database (.kdbx) and store it in Dropbox so that it can be synced to all my devices; I also use KeePassDroid and Dropbox for Android to help with this. You could also use SkyDrive or Google Drive etc.

Having the .kdbx stored in the cloud instead of locally on my box adds another layer of security, in that my Dropbox account must be compromised first before an attacker can even try to compromise the password key database.

Then I use the Human Readable Passphrase Generator KeePass plugin to make passwords of the appropriate length and strength for all my other sites. If one of them gets compromised, there should be no risk of that password being used to access other sites on my behalf, and where other sites use OAuth/OpenID, the compromised account should not allow any elevation of privilege beyond itself.
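As an added example (not from the original post and not the plugin's own code), here is a Python sketch of the two ideas above: a word-list passphrase drawn with a CSPRNG together with its entropy estimate, and a reuse check over a vault export that flags every password whose compromise would not stay quarantined to one site. The word list and the vault entries are constructed for the demo.

```python
import math
import secrets

# Constructed word list for the demo; the real plugin ships far larger lists,
# and entropy scales with log2 of the list size.
WORDS = ["apple", "bridge", "candle", "dragon", "ember", "forest", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
         "orchid", "pepper"]


def passphrase_entropy_bits(word_count, list_size):
    """Entropy of a passphrase of word_count words, each chosen uniformly and
    independently from list_size words: log2(list_size) bits per word."""
    return word_count * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest word count that reaches target_bits for a given list size."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(word_count=4, wordlist=WORDS, sep="-"):
    """Pick words with secrets.choice (a CSPRNG), never random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


def find_reused_passwords(entries):
    """entries: iterable of (site, password) pairs, e.g. from a vault export.
    Returns {password: [sites]} for every password used on more than one site,
    i.e. every place where a breach at one site would spill over to another."""
    by_password = {}
    for site, password in entries:
        by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


# Constructed sample export, not a real vault.
SAMPLE_VAULT = [
    ("site-a.example", "correct-horse-battery-staple"),
    ("site-b.example", "garden-kettle-orchid-bridge"),
    ("site-c.example", "correct-horse-battery-staple"),
    ("site-d.example", "ember-dragon-meadow-nectar-pepper"),
]

if __name__ == "__main__":
    print(generate_passphrase(), passphrase_entropy_bits(4, len(WORDS)))
    print("need", words_needed(60, 7776), "words from a 7776-word list for 60 bits")
    print("reused:", find_reused_passwords(SAMPLE_VAULT))
```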

References: