> Of course, there are still things that I need to remember my passwords for. For example, anything I connect to via a terminal I have to be able to remember the password for because you can't paste to a terminal (at least not that I know of, if you can then someone please tell me!)

I'm not sure what OS you use, but many terminal programs on Linux (and at least one on Windows) allow you to paste by right-clicking or middle-clicking. Or by pressing ctrl-shift-v, but I find that slightly awkward.
I've been using a similar scheme but without a database. Just a bcrypt hash of my password using the website/system's name as a salt, and then formatted according to an alphanumeric alphabet with symbols.

It also has support for sub passwords (such as "work/twitter") where it simply generates the "work" password and uses that to generate the twitter password. That way I can give the work password to anyone who needs it and they can get into twitter/etc, while not needing to remember it myself.

This is useful because I can upload the password generator to a website, along with keeping copies on my phone and PC.

I'd be interested in knowing the cryptographic security of this scheme, but I'd assume it's pretty good.
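The deterministic scheme described in the comment above, written out as an added example (not the commenter's own generator): PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt, since bcrypt needs a 16-byte salt and cannot take a site name as-is; the alphabet and the 20-character output length are assumptions.

```python
import hashlib

# Constructed alphabet of letters, digits and a few symbols; the comment above
# does not give its exact alphabet, so this one is an assumption.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%&*"
PASSWORD_LENGTH = 20          # assumed output length
KDF_ITERATIONS = 100_000      # PBKDF2 work factor, standing in for bcrypt's cost


def encode_digest(digest: bytes, alphabet: str = ALPHABET, length: int = PASSWORD_LENGTH) -> str:
    """Write the digest as a base-len(alphabet) number and take `length` digits.

    Treating the digest as one big integer avoids the bias that a per-byte
    `byte % len(alphabet)` would introduce when the alphabet size does not divide 256.
    """
    n = int.from_bytes(digest, "big")
    base = len(alphabet)
    chars = []
    while len(chars) < length:
        n, r = divmod(n, base)
        chars.append(alphabet[r])
    return "".join(chars)


def derive_password(master: str, site: str) -> str:
    """Derive a site password from the master secret, with the site name as salt.

    A hierarchical name such as "work/twitter" is derived one component at a time:
    the "work" password is computed first and then used as the master for "twitter".
    That is what lets the "work" password be shared without revealing the root secret.
    Because site names are public, the KDF cost is the only thing slowing down an
    offline guess of the master from a single leaked derived password.
    """
    password = master
    for component in site.split("/"):
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), component.encode(), KDF_ITERATIONS, dklen=32
        )
        password = encode_digest(digest)
    return password


if __name__ == "__main__":
    root = "correct horse battery staple"   # constructed sample master secret
    print(derive_password(root, "example.com"))
    print(derive_password(root, "work/twitter"))
```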
But you can see your password if you paste it into a non-password field? So you really could know it if you wanted to. I still see the benefit I guess because of the reasons you mention.
So... what happens when your database gets corrupted/your hard drive fails/laptop gets stolen? How are you going to connect to all of your everythings?

Alternatively, what happens when you want to transition away from KeepassX and to another, better, more advanced password manager? Or away from password managers all together?

There are so many meta-problems to deal with when using password managers, I think in the long run they might be more trouble than they're worth.
The people that run the sites you use could easily know your passwords. Even if they do store them hashed they may see them in POST debugging logs or something.
It almost goes without saying, but one of the biggest benefits in my opinion is that you get to have a different strong password for each set of credentials. Thus, god forbid, if some site you have an account with doesn't encrypt your password in their DB and gets hacked, you don't have to worry about changing all your other logins.
I wrote a similar article to this and I highly recommend not using anything without multifactor authentication in place. http://blog.danielfischer.com/2011/05/12/its-time-to-start-using-a-password-manager/
I think there should be a program like this that syncs to mobile devices so you don't have to have your primary device with you to be able to use your accounts.
Before you use a password which is 9,999 in length, make sure the site you're providing this password is even compatible beyond 8 characters. There are password field boxes out there which would fool you by taking your long password until you realize later that they only took 8 to begin with.