KeePass, LastPass and two-factor authentication
Posted Oct 14, 2011 7:07 UTC (Fri) by Cato (guest, #7643)
In reply to: Enforcing password strength by tsr2
Parent article: Enforcing password strength
When combined with something like Dropbox, it's quite easy to keep your password DB available on various devices, although you multiply the risk of a keylogger grabbing the KeePass password. (Dropbox has a pretty good Linux client that includes a CLI-only install for headless servers (just use lynx on the server), and is very quick at syncing small files.)
I also use LastPass for less critical passwords, and by generating a strong random password for every site, the main risk is that the main password is stolen. LastPass supports Yubikey, a low-cost USB token with AES encryption, which emulates a keyboard - so a keylogger attack would have to steal the LastPass password and my token. There's still a risk of LastPass-specific targeted malware, so client systems need to be kept updated and secure. Free as in beer on Linux, Windows, Mac, etc, with paid-for apps on iPhone and Android.
Duo Security is an interesting option to secure your own systems' SSH, web apps, VPNs, etc - they use phone calls, SMS or push notifications to smartphones as a second factor, and can be integrated with PAM. Free for up to 5 users or open source projects.