password app?

Good advice. Of course, if the NSA (or an equivalent state actor) really wants to get your stuff, the only real way to keep it out of their hands is not to ever allow it near an ethernet, bluetooth, USB, or wifi port. As a number of US military contractors have recently learned.

The goal here is to keep my credit cards and health records out of the hands of, say, Russian cybercriminals who would prefer to go after easier prey.

I'm currently using 1Password and I'm very pleased with the UI of the software.

For web services, probably the most important thing you can do is to enable two-factor authentication.

Except for very questionable software and services that do remote decoding, there will never be an unencrypted password out on the server - the database is shared for downloading by your computers and devices, but decoded locally on each of them.

What with the advances in cryptanalysis, it is hard to define a password that will be safe within a few years - so using cloud-served passwords protected by nothing but a single master password is at least a future risk.

The recommendation when using Keepass with a cloud-served database is to combine as strong a master password as you can memorize with a key file (that is, another Kbit or two of password, beyond the scope you could possibly remember) which is never shared across the cloud. Having to crack both puts the complexity of brute-force attacks into a region where even the NSA would need a couple of decades (if computers continue to grow faster at the current pace) to break that database.

Of course, there is always the risk that the device itself, or other software on the device, is compromised and dumps the screen or memory to an intruder while the database is decoded - particularly vulnerable information should always rely on a second layer of security (like two-factor authentication).
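Editor's added example (not code from KeePass or from any poster in this thread) showing the "master password plus a local key file" composite key the post above recommends, and why a copy of the synced database is not enough for an attacker. The composite-key construction follows the KeePass 2.x scheme as I understand it (SHA-256 over the concatenation of the SHA-256 of the password and the key-file key material); the PBKDF2 "stretch" step, its salt, the round count and the wordlist are constructed stand-ins for the real AES-KDF/Argon2 transform, and `dictionary_attack` models someone who obtained the .kdbx from the cloud share. Everything here runs offline.

```python
"""Composite key for a synced password database: master password + key file.

Added illustration for this thread, not KeePass's own code.  The composite-key
rule mirrors KeePass 2.x as I understand it; the stretch() KDF, its salt and
round count, and the wordlist are constructed for the demo.
"""
import hashlib
import os
from typing import Iterable, Optional


def keyfile_key(keyfile_bytes: bytes) -> bytes:
    """Key material a (non-XML) key file contributes, KeePass 2.x style:
    32 raw bytes are used as-is, 64 hex chars are decoded, anything else is hashed."""
    if len(keyfile_bytes) == 32:
        return keyfile_bytes
    if len(keyfile_bytes) == 64:
        try:
            return bytes.fromhex(keyfile_bytes.decode("ascii"))
        except (UnicodeDecodeError, ValueError):
            pass  # not hex text: fall through to hashing the file
    return hashlib.sha256(keyfile_bytes).digest()


def composite_key(password: str, keyfile_bytes: Optional[bytes] = None) -> bytes:
    """SHA-256( SHA-256(password) || keyfile_key ) -- the two factors are fused
    before any key stretching, so neither can be attacked on its own."""
    parts = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile_bytes is not None:
        parts += keyfile_key(keyfile_bytes)
    return hashlib.sha256(parts).digest()


def stretch(composite: bytes, rounds: int = 10_000) -> bytes:
    """Constructed stand-in for the database KDF (KeePass uses AES-KDF or Argon2).
    The salt is a fixed demo value; a real file stores a random per-database salt."""
    return hashlib.pbkdf2_hmac("sha256", composite, b"demo-kdf-salt", rounds)


def dictionary_attack(target_key: bytes, candidates: Iterable[str],
                      keyfile_bytes: Optional[bytes] = None,
                      rounds: int = 10_000) -> Optional[str]:
    """What the holder of a synced .kdbx can do: guess passwords, combined with
    whatever key file they have (None if it never left the owner's device)."""
    for pw in candidates:
        if stretch(composite_key(pw, keyfile_bytes), rounds) == target_key:
            return pw
    return None


# Constructed wordlist containing the (weak) master password.
WORDLIST = ["password", "letmein", "correct horse battery staple", "qwerty"]
MASTER = "correct horse battery staple"


def demo(rounds: int = 10_000):
    """Returns (recovered without key file, recovered with key file, recovered
    when no key file was used at all)."""
    keyfile = os.urandom(32)                       # generated locally, never synced
    with_kf = stretch(composite_key(MASTER, keyfile), rounds)
    without_kf = stretch(composite_key(MASTER), rounds)
    return (
        dictionary_attack(with_kf, WORDLIST, None, rounds),      # attacker lacks key file
        dictionary_attack(with_kf, WORDLIST, keyfile, rounds),   # attacker also stole it
        dictionary_attack(without_kf, WORDLIST, None, rounds),   # password-only database
    )


if __name__ == "__main__":
    no_kf, stolen_kf, pw_only = demo()
    print("attacker has .kdbx only:        ", no_kf)
    print("attacker has .kdbx + key file:  ", stolen_kf)
    print("database protected by password: ", pw_only)
```

The point the block makes concrete: the same weak master password falls to a dictionary attack when the database is password-only, or when the key file leaked along with it, but not when the key file stayed off the cloud share, because the attacker must then also guess 256 bits of key-file material. Stretching the composite key only slows each guess; it does not remove the need to keep the key file local.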
 
I don't use a "password app" but have looked into that option. I keep a password list in a file in a more general-purpose application. The file's name is not suggestive of the contents. No data is stored or backed up online, so an intruder would need physical access to my computer to get to it.

Or fool me into downloading a trojan tailored to seeking info on my Mac and sending it out. To make this more difficult I avoid using the usual apps supplied by Apple such as Safari, Messages, Mail, Contacts, etc in favor of third-party solutions that an attacker might not expect.

In either case the intruder would have to know very specifically what they're looking for and the form in which the data is kept.
 