by scotu 4022 days ago
>This is one area where I feel strongly that the conveniences of 'Cloud' are outweighed by the risks.

I wish this were true. In fact, with at least 3 devices I use daily, having an offline password manager means I need to manually type in "difficult" passwords on 2 (n-1) devices (at least that's assuming how password managers and username-password auth work today). Call me lazy, but that's already above the threshold for me; I'd rather use the same password everywhere than do that. Am I missing something?

1 comments

I've taken to using KeePass, which is an encrypted, open source, offline password manager, plus Dropbox for sync between all of my devices. While I can't control the security of Dropbox, I can at least control the level of encryption on my KeePass database. KeePass lets you use a "key file" (in addition to or instead of a password) which you could copy to each of your devices once, which would make for a very secure password database at rest.

It's still not perfect, but I think it's better than LastPass or 1Password. And if you have a more secure file sync (maybe AeroFS?) you could use that instead.

You can also use another encryption mechanism like GPG or something akin to TrueCrypt's (not sure how people feel about using TrueCrypt 7.1a these days) encrypted hidden containers to hold your KeePass database on your cloud storage, which itself would also be encrypted and need a key file.

This way you have three or four separate, strong barriers of entry to your KeePass database.