
What can I say? I use keepassx. I keep the db on dropbox -- so that it's always available to me -- and protect it with a key file and a password.

Good luck getting into all my accounts. First you need to crack my dropbox account. Then you need to guess which file out there on the interwebs I use to protect it. Finally, you can try to crack the password I use. I'll even give you a clue: the password is less than 40 characters.

So yes, use a password manager. It's trivially simple and stress free.



Except that it's _not_ trivially simple. I don't want to:

- Set up dropbox on every computer I use.

- Figure out how to get keepassx to work on Android.

- Open up a password manager when I want to log into something. Oh, I can leave it open? Wait, is that secure?

- Figure out if there are any limitations of the password manager you've suggested, which you may have missed.

- Deal with a "password migration" if I decide to switch browsers, which will include an absolutely non-trivial search for some software that replaces an app that is now a crucial part of my daily routine.

I could go on, but password managers are most definitely not a trivial task -- they add a layer of friction that I simply can't bring myself to care about when it comes to security for my Gawker account. Computers exist to make my life easier, not as a creator of problems that require working around.


KeePass doesn't interface with the browser directly - instead (at least in Windows) it registers a global hotkey with the OS which will use the active window title to find an entry in your password database and then automatically fill in the form with your username and password.

KeePass features an "Auto-Type" functionality. This feature allows you to define a sequence of keypresses, which KeePass can automatically perform for you. The simulated keypresses can be sent to any other currently open window of your choice (browser windows, login dialogs, ...).

By default, the sent keystroke sequence is {USERNAME}{TAB}{PASSWORD}{ENTER}, i.e. it first types the user name of the selected entry, then presses the Tab key, then types the password of the entry and finally presses the Enter key.

For sites or apps with weird forms you can customize the sequence.

http://keepass.info/help/base/autotype.html
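As an added illustration of the lookup-and-expand step described above (this is example code written for this page, not code from the original comment or from the KeePass project), the following Python simulates what happens when the global hotkey fires: the active window title is matched against entry titles, and the entry's sequence (the default {USERNAME}{TAB}{PASSWORD}{ENTER} or a custom one for an awkward form) is expanded into the list of keystroke actions that would be sent to the window. The sample entries are constructed, the substring-based title matching and the handling of {DELAY n} are simplifications assumed for this example, and real KeePass supports many more placeholders and matching options.

```python
import re
from typing import Optional

# Default sequence KeePass sends when an entry has no custom one.
DEFAULT_SEQUENCE = "{USERNAME}{TAB}{PASSWORD}{ENTER}"

# Placeholders that name a key rather than text to type.
SPECIAL_KEYS = {"TAB", "ENTER", "SPACE", "ESC"}

# Constructed sample database (not real credentials): one entry using the
# default sequence, one with a custom two-step login form.
ENTRIES = [
    {"title": "Example Bank", "username": "alice",
     "password": "correct horse battery staple", "sequence": None},
    {"title": "Legacy Portal", "username": "bob",
     "password": "S3cret-Example",
     "sequence": "{USERNAME}{ENTER}{DELAY 500}{PASSWORD}{ENTER}"},
]

# Either a {placeholder} or a single literal character.
_TOKEN = re.compile(r"\{([^{}]*)\}|(.)", re.DOTALL)


def _push_type(actions: list, text: str) -> None:
    """Append text to type, merging with a preceding 'type' action."""
    if actions and actions[0 if False else -1][0] == "type":
        actions[-1] = ("type", actions[-1][1] + text)
    else:
        actions.append(("type", text))


def expand_sequence(sequence: str, entry: dict) -> list:
    """Expand a KeePass-style auto-type sequence into keystroke actions.

    Returns a list of ("type", text), ("key", NAME) or ("delay", ms) tuples.
    Unknown placeholders raise ValueError rather than being typed literally,
    so a typo in a custom sequence cannot leak a secret into a form field.
    """
    actions: list = []
    for m in _TOKEN.finditer(sequence):
        placeholder, literal = m.group(1), m.group(2)
        if literal is not None:
            _push_type(actions, literal)
            continue
        parts = placeholder.split()
        if not parts:
            raise ValueError("empty placeholder {}")
        name = parts[0].upper()
        if name in ("USERNAME", "PASSWORD", "URL"):
            # Missing fields are typed as empty, as an empty entry field would be.
            _push_type(actions, entry.get(name.lower(), ""))
        elif name in SPECIAL_KEYS:
            actions.append(("key", name))
        elif name == "DELAY":
            if len(parts) != 2 or not parts[1].isdigit():
                raise ValueError("{DELAY} needs a millisecond count")
            actions.append(("delay", int(parts[1])))
        else:
            raise ValueError("unsupported placeholder {%s}" % placeholder)
    return actions


def find_entries(window_title: str, entries: list) -> list:
    """Assumed matching rule: an entry matches if its title appears
    (case-insensitively) anywhere in the active window title."""
    wt = window_title.lower()
    return [e for e in entries if e["title"].lower() in wt]


def autotype(window_title: str, entries: list) -> Optional[list]:
    """Simulate the hotkey: pick the entry for this window and expand it.

    Returns None when nothing matches (nothing would be typed) and refuses
    to guess when several entries match, where KeePass would show a chooser.
    """
    matches = find_entries(window_title, entries)
    if not matches:
        return None
    if len(matches) > 1:
        raise ValueError("ambiguous window title: %d entries match" % len(matches))
    entry = matches[0]
    return expand_sequence(entry["sequence"] or DEFAULT_SEQUENCE, entry)


if __name__ == "__main__":
    for title in ("Login - Example Bank - Mozilla Firefox", "Legacy Portal",
                  "Untitled - Notepad"):
        actions = autotype(title, ENTRIES)
        # Mask anything typed so the demo never prints a password.
        shown = None if actions is None else [
            (kind, "*" * len(val) if kind == "type" else val)
            for kind, val in actions]
        print(title, "->", shown)
```

The point of the explicit action list is that auto-type is just simulated keystrokes: whatever window is in the foreground receives them, so a mismatched window title or an extra {ENTER} in a custom sequence sends the password somewhere you did not intend, which is why the simulation rejects unknown placeholders and ambiguous matches instead of guessing.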


"- Open up a password manager when I want to log into something. Oh, I can leave it open? Wait, is that secure?"

The way OS X's "Keychain Access" handles this feels like a good compromise. After some timeout (a minute or so) the password gets hidden and you have to put in your master password to see it again.


Android has KeePassDroid, which takes seconds to install and works very nicely.


What if one of the machines you use has a key logger installed? You're totally compromised. Not just the passwords you use, but everything stored in KeePass.

At least if your passwords are in your head they will only have access to sites you entered while on that machine.


Well, if there is a key logger on your machine then you are totally compromised anyhow b/c over time you will enter all those passwords at some point.


I was thinking if you were using dropbox then opening KeePass on somebody else's machine.



