If you are looking for a web-based password manager, please take a look at Clipperz.
http://www.clipperz.com

Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded. And the key for the encryption processes is a passphrase known only to you!

Clipperz source code is freely available for security reviews, the core crypto algorithms have been packed into the Clipperz Crypto Library and released under a BSD license.

Clipperz offers:
- one-click login
- offline version
- import from Keepass
- one-time passwords
- …

Thanks,
Marco
Clipperz co-founder

More info on master password:
http://kb.mozillazine.org/Master_password

AFAIK once you set a master password, all passwords set after then are encrypted, most likely weakness is if someone brute forces the master password (tools exist). If you’re paranoid, encrypt your Firefox profiles too.

Also, I presume you’re using Truecrypt v5.0. I found the new filesystem noticeably faster than v4.3a. NTFS works well and if you’re worried about cross-platform issues, NTFS-3g on Linux works fine with Truecrypt partitions.

Finally, the other extension which I find useful is Google browser sync, great for syncing between work and home. All saved data can be encrypted.
The other way is portable Firefox:
http://portableapps.com/apps/i.....x_portable

Thanks for the excellent suggestions!

Combine that to the possibility to have a portable version of it, and a Pocket PC version of it, all of which are of course able to handle the same database, and you’ll only need to remember one password for the rest of your life!

On my USB stick I keep Keepass inside a Truecrypt partition for extra paranoia

Re: Firefox, *always* use a master password, I also use SIW and it didn’t find any of my secrets. I also never store passwords in Firefox for sites which are finance related, I just keep these in Keepass and copy to clipboard (although I also use ClipX so this has a risk associated with it)

Also on a Firefox tip: Try the “Secure Login” and “Autofill Forms” extensions. Aside from making login easy (duh:), what this does is prevent a site from auto-completing a form post based on your saved passwords (e.g. from a XSS attack), you have the manually press Alt+N. Check it out, very cool extensions! I also run NoScript of course.

I have already begun the process of changing existing passwords. It helps that KeePass comes up with a random password by default when you are adding an entry and that there is a Generate Random Password button as well that you can configure with different rules to match the requirements of the site.

I would really like to see the password file sync happen automatically, so maybe I will setup a foldershare for my pw file.

Also, don’t forget to change the pw to all of your resources! If you still re-use passwords all over the place then this method won’t help you if 1 gets comporomised. The real benefit is when you create a unique, highly secure password for each site you visit.