My solution was to move the password database and key file to my iDisk on my dot mac account. Now it just doesn’t matter if I’m at home or at work I’ll always have access to my passwords. I still keep a copy on my USB drive but it’s a backup in case I’m using a computer that doesn’t have internet access. If I loose it, NBD…

For clients, I’ve pretty much stuck with a document (Pages, Word, or Excel) that has login information for sites, email accounts and any FTP information. I tried Serverskine but didn’t like the lack of email account support, so a simple table structure in a document works fine for me.

After reading some of the comments I may want to look into some sort of password manager and consider stronger passwords as well.

db

It has the advantage that most OS X programs store their passwords in the login keychain already so it already has the foundations of a handy central repository for you to store additional passwords.

You can create multiple keychains with different master passwords and can store these new keychains on a USB drive, should you wish. (Though they’d only be accessible from another Mac.) It even has a password generator so you can create unique strong passwords e.g. for websites you don’t use much.

There’s a fairly good tutorial on using Keychain here (though it’s a little ad-laden for my tastes, sorry):
http://www.mostofmymac.com/articles/the-key-to-keychain-effective-use-of-apple-keychain/

My tip would be to configure it to show in the Status Bar (up by the clock), it makes it much, much more immediate to use. Open up Keychain, go to its Preferences, and under the General tab tick the “Show Status in Menu Bar” checkbox. You now get a little padlock icon up by your clock which allows you to open Keychain.app, quickly lock your screen or keychains, etc.

For Windows users, back when I was a Windows sysadmin used I relied on the excellent, free & open-source software called PasswordSafe:
http://passwordsafe.sourceforge.net/

From the site “Password Safe is an open-source tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords.”

You can store its database on a USB drive; I used to store it on a network share. I’d imagine the executable can run from the USB drive, too, so should be portable. (But Windows-only.) There was a PocketPC/Windows Mobile version around back when I used it, which was really useful: I’d store a copy of the database on my iPaq and have instant access to the passwords.

Originally created by legendary crytographer Bruce Schneier — he’s the “daddy” of modern crypto algorithm computer programming implementations, see his book Applied Cryptography — I’d be willing to bet that the encryption in this software is top notch.

As far as password management advice goes, I’d *never* use Gmail — or any other e-mail system — as a password repository. It’s just not trustworthy for many reasons, but it’s a non-starter for Gmail because the traffic isn’t encrypted past the initial sign-in, so should you be using it over an open wireless network all your passwords are flying through the air completely unencrypted and rife for the picking. I’ll pass on that risk, thanks!

But then, I’m not sure I’d trust any third-party with the entire set of passwords. I’d go with a password manager as you then control the data and its security yourself, but I’d also take the added step of regularly printing out the passwords unencrypted on paper — or at least the “master” password along with details on how to get to the password archive — and storing this in a secure location such as the home/office safe. Back when I was a network admin I considered this essential: if I got hit by a bus the company would be be a lot less stuck than if I took the password archive’s master password and its contents to the grave! (This also applies to family members. For instance, should the worst happen, can they get access to the household accounts on your computer?)

I’m not using Excel’s built-in password functionality. That, as you’ve pointed out, has been found to be very weak. Instead, I’ve taken the BlowFish encryption algorithm and implemented it as a set of macros in Excel. To crack these encrypted fields would imply that you’ve found a flaw in the BlowFish encryption routines.

Have you tried PassPack? There is a simple notes field so that you can jot down comments. It’s a free service, and it uses an encryption algorithm which has been approved by the US government “for top secret” documents.