I keep my passwords safe in one place - my head. I actually use a different combination according to the type of service - say if you get my PokeMMO password. It is combination of an unique key pertaining to PokeMMO, and a pass key I use for all my gaming accounts. Desu or whoever has access to that information now know my PokeMMO unique key and my gaming key, but do they know which is which? And if they do know which is which, they now need to find the unique key for each of my other account in order to crack it. For security stuff like banking, I actually have three keys. This has not failed me so far.