superFoolish wrote: I recommend getting started with the basics immediately...
Seconded.
I use KeePass but still have to remember a few passwords:
a) main email - probably biggest security risk if it gets taken over
b) KeePass database - biggest pain if it's ever lost, forgotten or corrupted (so DB is backed up and password is seared into memory)
c) Google (or Microsoft account)
d) motherboard BIOS security (PC won't boot without it)
e) BitLocker (Windows encryption on C and D drives)
The rest are all in KeePass. I use it for everything as it avoids having to remember which accounts are trivial and which are important, or somewhere in between.
Second level security (encrypting the encrypted database file, disguising it etc.) is good, but can be done at leisure during or after the basic data is transcribed into KeePass (or whichever vault you end up selecting).
I keep a copy of my database in the cloud (pick whichever service you trust, but I tend to go for Google or Microsoft, as they are supposed to be good at this sort of thing!) which I can then access via a Chrome extension in read-only mode (i.e. no need for KeePass software to be on the browsing machine) so is accessible on any device. I prefer this versus say, LastPass, as I want control of the database, not being wholly trusting of on-line service providers whose business model makes them stand out specifically as THE place to hack for important accounts data.
I originally had my security data in a password-protected MS Word document (yes, I know!) and it probably took me a month or two to move all the data across. Not that there was a month's worth of work, just that once I'd set up KeePass, read how to use it and started playing, I typically moved a handful of accounts at any one time, rather than making a proper task of it. As they entered KeePass, so they were deleted from the MS Word document. I made it a rule to not log in to a site unless its data had been transferred. It's also the perfect time to go and change weak re-used passwords to unique, strong ones.
KeePass will let you organise your entries into folders and sub-folders, so you can group financials, insurance, social, hobbies, loyalty sites etc. together, handy when showing your trusted other what they need to access in the event, or even for when your executor sees it for the first time, having received instructions and password via your will (a potential security breach if the will is stolen and the thief can get access to your computer or backup, but something to worry about later, rather than a reason for delaying getting set up).
I tend to be creative with answers to security questions; I wish there was a site I only logged in to on a Wednesday, 'cos then I could "identify as female on Wednesdays" and actually be telling the truth.
Just be careful to consider any consequences; e.g., if a site had reason to demand documentary proof of ID then having a different D-O-B might cause delays etc. (think banks, insurance, government and bookies - tax and money basically).
Password managers can be used as simply as a secure document - so you go in and copy/paste relevant data whenever you need it, or they can automate security processes for you. One feature of KeePass that's worth its weight in gold is the "autotype" facility, which you can customise to meet specific sites' login protocols.
E.g. Bank-of-VRDiver wants me to input 3 characters from my very long and very secure password, but the three characters are randomly selected (by the bank) each time. Rather than have to open the entry in edit mode to reveal the password (or copy and paste the password to plain text to read it somewhere) and then try to figure out if character 18 is an "I", "1" or "l" etc., you can configure KeePass to let you select which characters it will return. (In KeePass, if you open the Bank-of-VRDiver entry and select the Auto-Type tab, then putting {PICKCHARS:Password:ID=1,C=1}{PICKCHARS:Password:ID=2,C=1}{PICKCHARS:Password:ID=3,C=1}{TAB} in the "Override default sequence" field will, when logging into the bank, present a selection screen where you just click on the numbered circles that correspond to the characters you've been asked for.)
Not the most fun you can have on a computer, but it's more fun than having your finances etc. hacked.
VRD
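
Added example, not part of the post above and not KeePass code: a small Python model of how the override sequence in the post expands into keystrokes when the bank asks for three positions. The function names, the sample password and the rule that a repeated ID reuses the earlier pick are assumptions of this sketch; positions are 1-based, as a bank would state them.

```python
import re

TOKEN = re.compile(r"\{([^{}]+)\}")  # one {...} placeholder or special key

def parse_sequence(seq):
    """Split an auto-type sequence into ('pick', field, opts), ('key', NAME), ('text', s)."""
    steps, pos = [], 0
    for m in TOKEN.finditer(seq):
        if m.start() > pos:
            steps.append(("text", seq[pos:m.start()]))
        parts = m.group(1).split(":")
        if parts[0].upper() == "PICKCHARS":
            if len(parts) != 3:
                raise ValueError("sketch expects {PICKCHARS:Field:Options}")
            opts = dict(o.split("=", 1) for o in parts[2].split(","))
            steps.append(("pick", parts[1], opts))
        else:
            steps.append(("key", parts[0].upper()))
        pos = m.end()
    if pos < len(seq):
        steps.append(("text", seq[pos:]))
    return steps

def simulate(seq, entry, positions):
    """Return the keystrokes sent when the user picks the given 1-based positions."""
    queue, picked, out = list(positions), {}, []
    for step in parse_sequence(seq):
        if step[0] == "pick":
            _, field, opts = step
            pid, count = opts.get("ID", ""), int(opts["C"])  # this sketch requires C=
            if pid not in picked:  # assumption: a repeated ID reuses the earlier pick
                if len(queue) < count:
                    raise ValueError("more prompts than requested positions")
                chosen, queue = queue[:count], queue[count:]
                secret = entry[field]
                if any(p < 1 or p > len(secret) for p in chosen):
                    raise ValueError("position outside the stored value")
                picked[pid] = "".join(secret[p - 1] for p in chosen)
            out.append(picked[pid])
        elif step[0] == "key":
            out.append("<" + step[1] + ">")
        else:
            out.append(step[1])
    return out

# Constructed sample entry (not a real password) and the sequence from the post.
ENTRY = {"Password": "Tr0ub4dor&Il1|staple"}
SEQ = ("{PICKCHARS:Password:ID=1,C=1}{PICKCHARS:Password:ID=2,C=1}"
       "{PICKCHARS:Password:ID=3,C=1}{TAB}")

if __name__ == "__main__":
    print(simulate(SEQ, ENTRY, [11, 12, 13]))
```

Positions 11 to 13 of the constructed password are the look-alike characters "I", "l" and "1", which is the case where picking by position avoids reading the password off the screen.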