The Computer Oracle

How do I securely store and manage 180 passwords?

Full question
https://superuser.com/questions/432844/h...

Accepted answer links:
[KeePass]: http://keepass.info/
[features page]: http://keepass.info/features.html
[QR Code Generator]: http://keepass.info/plugins.html#qrcodeg...
[QR Code]: http://en.wikipedia.org/wiki/QR_code
[an app]: https://play.google.com/store/apps/detai...

Answer 2 links:
[1password]: https://agilebits.com/onepassword
[LastPass]: https://lastpass.com/

Answer 3 links:
[Lastpass]: https://www.lastpass.com
[KeePass]: http://keepass.info
[image]: https://i.stack.imgur.com/7Oj6i.png
[image]: https://i.stack.imgur.com/ybHAY.jpg

Answer 4 links:
[Password Hasher]: https://web.archive.org/web/201811012311.../
[image]: https://i.stack.imgur.com/Zay73.png
[mozilla.net]: https://addons.cdn.mozilla.net/img/uploa...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#passwords #passwordmanagement #passwordprotection




ACCEPTED ANSWER

Score 207


My favorite password storage tool is KeePass:

What is KeePass?

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.


Is there any limit as to how many passwords you can store in it?

Only in theory. You can put as many entries into the database as you want, but at some point your USB key or HDD will be full.

Is there a way to automatically sync changed passwords?

No, not like you expect it.
You'll want to make that a regular, manual process. This can not and should not be automated.

I like to set up expiration dates for all my password entries.
Then I remember to change my passwords regularly. I store the URL of the website with the password entry, so it's a quick process.

Can I automatically log on to a website like Facebook using this software?

No, not automatically either (at least to my knowledge). But this is where Auto-Type comes into play. For example, for Facebook, this is my Auto-Type setup:

As you can see, I've created 3 configurations for different browser titles. This allows me to simply go to facebook.com, press Ctrl+Alt+A, and the username and password will be automatically entered and I will be logged in.

If you have multiple username/password combinations for the same window title, you'll get a popup window asking you which password entry should be used.

What about mobile?

There are apps that support the KeePass container format on mobile devices. But I stay away from those. I just don't like the thought of my KeePass database on my phone.

I prefer to only transfer single passwords using the QR Code Generator plugin. It lets you generate a QR Code from a password, which you can then scan with your phone. It helps to have an app that can copy the scanned content to clipboard.




ANSWER 2

Score 68


There appear to be several easy to use Excel password crackers around.

I would use a password management system like 1password or LastPass which work on several OSs including mobiles.

These have plugins for most browsers which can fill in passwords and other information to the web form. 1password can also set up a bookmark in the browser which will automatically log in (all uses of the app require use of a master password first).

1password can also store notes, account (e.g. email, ftp) and templates to help store credit card, bank account and other information. Although it is commercial you can get a free demo that allows entry of up to 20 items.

One difference between the two is that 1password only stores the data locally (although you can sync the encrypted data using Dropbox or similar), while LastPass can (must? someone please correct this) store the data on its web site, which allows web access to the data with no need for Dropbox etc.




ANSWER 3

Score 11


Password Hasher plugin (for Firefox) is what I personally use.

How Password Hasher helps:

  • Automatically generates strong passwords.
  • One master key produces different passwords at many sites.
  • Quickly upgrade passwords by "bumping" the site tag.
  • Upgrade a master key without updating all sites at once.
  • Supports different length passwords.
  • Supports special requirements, such as digits and punctuation.
  • Supports restricting a hash word to not use special characters. (New!)
  • Saves all data to the browser's secure password database.
  • Generates a portable HTML page with your site tags and option settings that allows you to generate your hash words in any browser on any machine without the extension installed. (New!)
  • Can add marker buttons to unmask passwords on any web site. (New!)
  • Extremely simple to use!





ANSWER 4

Score 9


I personally use PasswordMaker to generate passwords from a master password and the site's URL. The project is fairly mature, open-source and stable. It is available for Firefox (as an extension), Linux CLI, Android etc.

How it works:

Warning - technical jargon in this section! You provide PasswordMaker two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PasswordMaker calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!
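
The master-password-plus-site derivation that Answers 3 and 4 describe, as an added example that is not part of the original answers and is not the actual algorithm of PasswordMaker or Password Hasher. The function names, the PBKDF2 iteration count, the symbol set and the `site:bump` tag format are assumptions of this sketch; it uses a slow key-derivation step so that a leaked site password cannot be used for cheap offline guessing of the master password.

```python
import hashlib
import hmac
import string

# Assumed parameters for this sketch; not either tool's real settings.
ITERATIONS = 200_000
SYMBOLS = "!#$%&*+-=?@_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def _encode(block: bytes, length: int) -> str:
    """Map 64 pseudo-random bytes onto ALPHABET by repeated division."""
    n = int.from_bytes(block, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def site_password(master: str, site: str, bump: int = 1, length: int = 16) -> str:
    """Derive a repeatable per-site password; nothing is stored anywhere."""
    if not master or not site:
        raise ValueError("master password and site are required")
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    # Normalise the site so " Example.COM " and "example.com" agree.
    # Raising `bump` rotates this one site's password, master unchanged.
    tag = f"{site.strip().lower()}:{bump}".encode()
    # Slow step, done once per derivation: stretch the master password.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), tag, ITERATIONS)
    # Cheap step: try successive counters until every character class
    # (lower, upper, digit, symbol) appears, to satisfy site password rules.
    counter = 0
    while True:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha512).digest()
        candidate = _encode(block, length)
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate
        counter += 1
```

Because every site password is a function of the master password alone, changing the master changes all of them, and anyone who learns the master can regenerate every password without needing a stored database.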