Use KeePass to store a password database on your PC
I found the password suggestions in your recent Letters pages interesting, but they’re of no practical use to those of us who have multiple online accounts that process financial transactions. I have at least 15.
I use the password manager KeePass (https://keepass.info) to store all my online account details. I keep its AES 256-bit encrypted database on my computer, rather than online in the ‘cloud’, which I don’t trust to be secure.
My database is protected by two-factor authentication, and I open it using something I have and something I know. The ‘something I have’ is a photograph, held in a virtual file created by VeraCrypt, which itself is AES 256-bit encrypted. To open this, I type a 17-character password that includes upper- and lower-case letters, numbers and symbols. The ‘something I know’ is an eight-character password that uses a similar mixture of characters. I have configured KeePass to require a keyfile (have) and a password (know) before it will open.
When KeePass loses focus in Windows, I have to enter a password to reopen it. This is why I use a short one - the keyfile is still available in the virtual disk.
I use KeePass’s password generator (pictured below) to create all my passwords, and the software can also enter usernames and passwords to log into websites automatically. For complete security, I also keep my website URLs in KeePass. Keeping them in browser bookmarks is insecure because they can be hacked. To open a website, I simply click an icon, then click to auto-type my login details. This means I need to remember only two passwords to access all my online accounts.
By the way, describing this strategy is far more tedious than actually using it!
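An added example, not part of the letter and not KeePass's own code: how a password and a photo used as a keyfile combine into one database key, assuming the KeePass 2.x scheme in which each factor is hashed with SHA-256 and the concatenation is hashed again. The password and "photo" bytes are constructed samples, and the key-derivation step KeePass applies afterwards is left out; it shows why the photo must never be edited or re-saved.

```python
import hashlib
from typing import Optional


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Combine the supplied factors into one 32-byte key.

    Assumption: models the KeePass 2.x composite key for a keyfile that is
    an arbitrary file (a photo). XML, 32-byte and 64-hex-character keyfiles
    are treated differently by KeePass and are not covered here.
    """
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += hashlib.sha256(keyfile).digest()
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.sha256(parts).digest()


# Constructed sample inputs, not real credentials or a real image.
PASSWORD = "aB3$eF7!"                              # eight mixed characters
PHOTO = b"\xff\xd8\xff\xe0" + bytes(range(256)) * 4  # stand-in for a JPEG


def unlock_attempts() -> dict:
    """Return which attempts reproduce the key the database was locked with."""
    good = composite_key(PASSWORD, PHOTO)
    # One flipped bit, as an image editor or metadata cleaner might cause.
    edited = PHOTO[:-1] + bytes([PHOTO[-1] ^ 0x01])
    attempts = {
        "password + photo": composite_key(PASSWORD, PHOTO),
        "password only": composite_key(PASSWORD, None),
        "photo only": composite_key(None, PHOTO),
        "wrong password + photo": composite_key("aB3$eF7?", PHOTO),
        "password + edited photo": composite_key(PASSWORD, edited),
    }
    return {name: key == good for name, key in attempts.items()}


if __name__ == "__main__":
    for name, ok in unlock_attempts().items():
        print(f"{name:26} {'opens' if ok else 'rejected'}")
```

Only the exact password together with the byte-identical photo reproduces the key, so a backup copy of the unmodified keyfile matters as much as remembering the password.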