I know there are many highly-rated password management programs and services on the market for Windows home users, but I have hesitated using any of them because I don't know how safe they really are - it seems as though a devious programmer could easily include a hidden back door hack that would allow them to steal everything without the user's knowledge. Sadly, these days, incessant data breaches in corporations and in government sites, have demonstrated pretty conclusively that no data is truly safe, anymore.
Keeping a written password list is quite inconvenient; it requires every password to be manually written down, then looked up and re-typed into the computer, and if you lose the paper list, you are RUINED. Keeping an electronic password list in a document is easy and simple. But the document surely needs to be kept offline, not on the computer's hard drive.
For lack of a better idea, I currently have a USB thumb drive where I keep a document containing all my passwords for website accounts and in a few cases, for applications. I plug it in briefly when I need a password: with Explorer's preview pane turned on, the password text contents of the file are visible in the preview pane for a quick lookup and copy/paste. Then, I immediately dismount and unplug the thumb drive.
Somehow this makes me feel a little safer, but it's probably a foolish illusion: after all, any time it's plugged in and mounted, it's probably subject to being hacked. And, even after I dismount and remove the thumb drive, I wonder...do the file contents that were displayed in the preview panel, persist as a latent image in my paging file or in Microsoft Office or somewhere else on my computer, where a potential hacker might access it?
Also, I realize that the password itself, which I copied to the clipboard, remains potentially at risk there, as well.
And, of course, there's the question of whether/how the thumb drive itself should be encrypted and password protected...as well as securely backed up to someplace else, since, eventually any USB drive can, and probably will, fail.
Is there any truly safe way, not involving third party software, websites or 'cloud services', to keep an electronically accessible password list, that's absolutely free from security breach, password protected or encrypted, and safely backed up, and always stored where I personally have in my immediate, secure possession? What am I missing?