My personal choice:
1. Use password manager (I use KeePass, but other ones are no worse).
2. NEVER-NEVER-NEVER let your encrypted passwords database leak to server you don't own, like DrobBox, Google Drive and so on. Only direct rsync/scp from one machine you own to another one.
3. If you need to access some account from the machine you don't trust completely (such as your girlfriend computer - you may ultimately trust her good intention but be not so sure about her sysadmin skills), don't plug USB drive with your password database in. Open password manager on your phone or tablet look up the password you need and type it in untrusted computer by hand.