password policy
I got so peed off with different sites requiring different policies that I came up with my own.
I have three passwords, (four if you include the ones I don't bother remembering) that I use for everything.
I have my use-everywhere password for low-value sites that won't hurt me if they are cracked (such as this one). It looks like Passw0rd (but isn't), giving me 8 characters, mixed case with a digit, to satisfy most sites.
I have the passwords that must be changed on a regular basis such as work, it looks like Password1311 (but isn't), the digits are the year and month I last had to change it.
I have a complex non-guessable password for bank accounts etc.
And finally, for infrequently visited sites, I just use the "forgot my password" link and have them send me a new one when I want access.
I am not a fan of keypass or the like as they are just a single point of failure. If someone hacks my hotmail account, if they take the time, they can find references to some of the other sites I access, and maybe even some of the user ids I use. They can then try to access each one individually to see if I have used the same password. If they break my keypass account, they have full access to every site I have registered with keypass, no need to guess. And that motivates hackers to target keypass.