[jwives]

I use a combination of password and key file so that I can worry less about someone shoulder surfing or otherwise observing the input of my password.

My password database is stored on a USB key that I carry with me, with a regular copy made and securely stored.

Key file is stored on devices I use, in a directory restricted to my own access and on a drive which is encrypted. An encrypted copy is also stored on the USB key with the password database; this can be decrypted using a GPG, key stored on a yubikey and also carried; if a device can be trusted enough, this is how I move the key file around.

Access to the database requires 3 things rather than two. A long passphrase could be recorded by an observer, who could then take my USB key. The key file ensures that they still do not have all that they need.