I like to have them secure, because even with a nice phrase like "Two all beef patties special sauce lettuce cheese pickles onions on a seseme seed bun" you tend to forget exactly how they are arranged, especially if you only use them once in a while while tweaking that obscure router in some remote office. Besides not everything supports a large password like that. So I love to use Turbo Passwords. It keeps a copy on a machine and another on my Palm. Both encrypted so it is critical to make a decent key for the main software access, which is shared between desktop and palm.

Why do I like it? I have my palm with me all the time and I can access anything with the database. It comes with a random password generator that pops out some serious passwords. You could build your own very easy but incorporating it into the engine is pretty sweet. For instance, I am in an airport and I need to set up a wireless access point while at the bar... in arms with an Ice cold Fosters, I go to Turbo Pass, hit new. Peck out the url of the site that desires a password, peck out a username.... "GodzillaVSMothra" and hit "generate password" then type that into the URL hit save or done or continue or next and I have a totally random password stored in the palm.

The backside is if I lose that palm during the trip I have no way to recover the password. So internet based storage could be desireable. That is really a small risk and can be rectified but that is extra work so as soon as possible I sync with the laptop that has the software on it. In addition I sync my desktop and then home computer each day. The down side of internet based storage is, when you need it a lot of times it's because you are at a remote site and there is no internet.

But just in case; I FTP the encrypted export file to a couple of sites I own. I call it something.txt and stick it away in some directory. In the past I have even stuck it in a hotmail type aco**** just for safe keeping. And there is a (last resort or accidental death)print out stuck away in a bank deposit box with instructions to those who may open it. Call it a way to mitigate "key person" risk. And hey, I get a free deposit box in the deal.

Why go through all that trouble... I have over 200 passwords and I don't really subscribe to "single sign on" I take comfort in knowing my random exchange password is different from the domain administrator password, which is different from my user password, which is not the same as any other password. That is alot of work but, so is changing every single password every 30 days. That is NOT practical. So I rely on very random, very long passwords that get changed when I can and I try and monitor abuse.

If you really want to go cheap hotmail could work, I don't think you are using anything critical that could take down a whole block of IPs or customers, so hotmail could work. Just change them as often as possible and use a good password on the mail box.