Password vaults

Given the advice to change all passwords due to this Heartbleed bug, I'm wondering if it's worth getting a password vault to keep them all in. I'd want something that I can access from either my PC or my Android phone, so I guess a file that's stored on my dropbox and accessible from both?

Any suggestions?

I use KeePass (and the Android app, I think it's called KeePassDroid or something similar) to do this, it integrates into Firefox quite nicely too.
It creates a file that you can store where you like (I have a copy on my phone, OneDrive and my phone) that you access using a password, it then copies the password to the clipboard so you can paste it into the password box. On the computer it clears the clipboard in 12 seconds, on the phone it clears when you clear the drop down screen thing.

Obvious downside is that if someone gets hold of this file and gets into it they have all your passwords, but as you only have to remember one it can be much longer.

Upside is that you don't have to remember them so the passwords can be random letters, numbers and punctuation and you can get the program to generate them for you.

I use 1Password on my Macs, very good and appears to be secure.

https://agilebits.com/onepassword

I have that for macs, ipad, android and windows plus browser extensions - very good, though costs a bit more than the others.

Yes.. Or you go straight to the site via the app after entering your master password.

Another vote for KeyPass here.

There's one thing KeyPass doesn't do, which I have addressed with a standalone Windows application and that I'm planning on rewriting as a KeePass plugin, is the Verified by Visa / MasterCard SecureCode thing where it asks you for letter x, y and x from your password.

Also, be aware that some websites will actively prevent you from pasting in your password from a password vault. They feel that by forcing users to type in their password they are increasing security. Despite having a massive debate / argument with a friend on my Facebook about this, I maintain that all this does is to encourage a user to use a shorter and simpler password.

With KeyPass you have a keyboard shortcut (default is ctrl alt a) which selects the correct entry from the vault based on the title of the window you are viewing (so a window with "Pistonheads" in the title will auto-type your PH user/password).

You can also change the sequence and what is typed (the default is user [tab] password [enter] ) as well as adding delays etc (eg if you enter your username, click next, then enter your password on the next screen).

Finally, if you have multiple entries tied to the same window (eg multiple users for the same site/system etc) it will popup with a list of matching users and you select the one you want to use.