I think password managers are an extremely good idea, second only to backup. To have reasonable security, you really need to have a different password on every account, so that the keys to the castle aren’t given away if a single site gets compromised. And ideally each password should be as much of a scrambled mishmash as possible.
This means we need to get out of the business of memorizing passwords and instead start using password manager software, which stores all of your passwords in a central place and can even fill them in for you, so that you only have to remember a single master password. The master password is a key; without it, none of the other passwords are accessible.
There are many password manager titles available, of which some of the most widely used are 1Password, LastPass, and Dashlane. We like 1Password (though we don’t have enough experience with the others to have a strong opinion about them, other than that they’re all reputable).
One of the reasons we like 1Password is their security model. If you want to just use it on a single device or computer, then your passwords are never stored on any kind of server — they just sit, encrypted, in a single file (called a vault) on your computer.
If you want to synchronize your passwords across devices, 1Password offers several options: storing your vault on iCloud or on Dropbox. This means your iCloud or Dropbox account would have to be compromised, and then your 1Password vault within it would have to be hacked as well. But if you’re truly worried about your passwords being in any kind of cloud, 1Password can sync directly from computer to devices on your own local network.
In addition, because some people found the above methods to be challenging to set up, 1Password now offers synchronization via 1Password.com, where they do store your passwords, though only in encrypted form — the unencrypted passwords are never sent to them. (They swear up and down that this is secure, and I believe them, but I still like it a little bit less because it makes them such an obvious target for hackers, like LastPass was.)
1Password is primarily sold as a subscription service now. However, it’s also, for the time being, available as a one-time purchase. Synchronizing via 1Password.com (rather than iCloud, Dropbox, or local network) is only available when subscribing.