Best Password Management

Bad password practices are common among the general population. The latest example is the Sony Pictures hack, which uncovered the passwords of Sony Pictures employees (as well as SSNs and more), and which we discussed in our previous post.

Now various forums are picking apart the very bad password practices of Sony Pictures employees.

Gawker, The Verge and Ars Technica, just to name a few.

 

So we know the passwords were kept in an Excel file, unencrypted and very easy to steal (once hackers are on the systems).

 

My line of thinking is this: even a password manager such as KeePass or LastPass (among others in the PCMag review) will require a modicum of security and constant vigilance, and this may not be possible for most companies and people.

 

My recommendation is to keep it offline. There is no reason for you to access your password list remotely anyway (too risky), so just keep it on a pad of paper and secure the pad of paper. If the list is offline, then hackers can't get to it.

 

I do want to add: keep your password as long as possible (15 digits preferable). Numbers and lower/uppercase letters are paramount, and add one or two special characters. And now one more thing.

 

Do not use the same password for all of your logons. If one of the sites is hacked, you are now hacked on all of them.
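
As an added example (not part of the original post), the Python code below generates a password that follows the rules above and checks a set of logons for rule violations and reuse. The special-character set, the function names and the sample logons are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 15                 # the post's preferred length
SPECIALS = "!@#$%^&*-_=+?"      # assumed special-character set

def generate_password(length=MIN_LENGTH, n_special=2):
    """Random password with lower, upper, a number and n_special specials."""
    if length < n_special + 3:
        raise ValueError("length too short for the required character classes")
    # One character from each required class, then the requested specials.
    chars = [secrets.choice(string.ascii_lowercase),
             secrets.choice(string.ascii_uppercase),
             secrets.choice(string.digits)]
    chars += [secrets.choice(SPECIALS) for _ in range(n_special)]
    # Fill the rest with letters and numbers, then shuffle with the OS CSPRNG.
    alnum = string.ascii_letters + string.digits
    chars += [secrets.choice(alnum) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def policy_problems(password):
    """Return the list of the post's rules that a password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 15")
    if not any(c.islower() for c in password):
        problems.append("no lowercase")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() for c in password):
        problems.append("no special character")
    return problems

def reused(logons):
    """Map each password used on more than one logon to the sites sharing it."""
    sites = defaultdict(list)
    for site, password in logons.items():
        sites[password].append(site)
    return {pw: names for pw, names in sites.items() if len(names) > 1}

# Constructed sample logons, not taken from any real list.
SAMPLE = {"facebook": "password1", "twitter": "password1",
          "mail": generate_password()}
```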

 

Notice the large number of Facebook and other social media sites (Twitter) that Sony Pictures used. All were hacked.
