Storing passwords and associated security questions - X-post
Posted to uk.d-i-y,uk.comp.homebuilt
Theo

In uk.d-i-y Jaimie Vandenbergh wrote:
> A folder of text files or even password-locked Excel sheet on a cloud
> drive or USB isn't quite the same thing, security-wise...


Indeed. Keeping the passwords secure in memory is hard, and any homebrew
solution is likely to do it wrong. Use something designed for the job by
people who know what they're doing.

The other extreme is a paper passwords sheet, as used by German banks
(iTAN): print out a few sheets of random passwords with an index number next
to them. On your phone store the index numbers for each account, like this:
ebay: 456
amazon: 178

Then use the number to look up a password on your paper sheet. You might
need to think of a scheme to mangle them into memorable shoe sizes or
whatever your bank wants (don't write anything on the sheet).

If someone steals your sheet, they have a few hundred passwords to try -
they'll likely get locked out beforehand[1]. If someone hacks your phone they
only get the indexes, not the passwords. If they steal both, well you did
put a PIN lock and encryption on your phone, didn't you?

Theo

[1] Unless they have a botnet available
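
The paper-sheet scheme described in the post above, as an added Python sketch that is not part of Theo's post: it generates an indexed sheet from the OS CSPRNG, assigns each account a distinct index (the only data kept on the phone), and computes how likely a thief holding just the sheet is to hit one account before lockout. The function names, the 300-row sheet and the 5-attempt lockout are illustrative assumptions.

```python
import secrets
import string

# Assumption: letters and digits only, so entries are easy to copy from paper.
ALPHABET = string.ascii_letters + string.digits


def make_sheet(rows=300, length=14, first_index=100):
    """Return {index: password} for printing; every entry comes from the OS CSPRNG."""
    return {
        idx: "".join(secrets.choice(ALPHABET) for _ in range(length))
        for idx in range(first_index, first_index + rows)
    }


def assign_indexes(accounts, sheet):
    """Give each account a distinct random row. This mapping is all the phone stores."""
    if len(accounts) > len(sheet):
        raise ValueError("more accounts than sheet rows")
    free = list(sheet)
    return {name: free.pop(secrets.randbelow(len(free))) for name in accounts}


def stolen_sheet_hit_chance(rows, attempts_before_lockout):
    """Chance that someone holding only the sheet guesses one account's row
    before lockout, trying rows without repeats (index chosen uniformly)."""
    return min(1.0, attempts_before_lockout / rows)


def format_sheet(sheet, per_line=3):
    """Lay the sheet out as 'index  password' columns for printing."""
    cells = [f"{idx:>4}  {pw}" for idx, pw in sorted(sheet.items())]
    return "\n".join(
        "    ".join(cells[i:i + per_line]) for i in range(0, len(cells), per_line)
    )


if __name__ == "__main__":
    sheet = make_sheet()
    phone_note = assign_indexes(["ebay", "amazon"], sheet)  # constructed account names
    print(format_sheet(sheet))           # goes to the printer, never to disk
    print(phone_note)                    # e.g. {'ebay': 233, 'amazon': 117}
    print(f"{stolen_sheet_hit_chance(len(sheet), 5):.1%} per account before lockout")
```

The sheet should be printed and then discarded from the machine; only the account-to-index mapping is meant to persist, and only on the phone.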