I'm using KeePass with Dropbox to sync the db files, without 2-factor. If you don't want to put all your eggs in one basket, I'd suggest using separate databases; one for each client is a good method. You have to remember more passwords, so your secretpass+clienthash method.
One thing about using a password manager is that it needs to be easily accessible or you will fail to enter all your assets in it, and it becomes less valuable. That's why I use KeePass & Dropbox, which makes my passwords available on my Win7 workstation, my Android phone and my iBook.
So in the case of someone getting your master password and access to your file you'd be open to someone stealing all your credentials. That doesn't bother you? Especially since you're probably more exposed to attack vectors by being on a Windows machine and having your local file system compromised in some way?
It's not perfect, but that's not what I'm after. Password authentication is horribly broken and it always has been. I need a solution that is reasonably secure and helps me manage hundreds of passwords. I need these passwords to be available to others in the event of my death or dismemberment.
If you store a key on that same compromised Windows machine you are still screwed. End of story. Even if you store it on removable media they just grab it & your password at the time of access.
I would love a password manager that supported HOTP[1] or TOTP[2] (in conjunction with something like google authenticator). My mobile is pretty much always with me, and works well as a software based dongle (with OTP generators).
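The HOTP/TOTP schemes this commenter wants their password manager to support, shown as an added example (not code from any participant in the thread or from KeePass or Google Authenticator). It uses the RFC 4226/6238 test secret as constructed input and assumes the Google Authenticator defaults (SHA-1, 30-second steps, 6 digits); the verifier side shows the drift window and constant-time compare a defender would want.

```python
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (constructed input
# for this example; a real enrolment would use a random, per-user secret).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then the
    dynamic truncation that picks 31 bits and reduces them modulo 10^digits."""
    hs = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = hs[-1] & 0x0F
    code = struct.unpack(">I", hs[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30,
         digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time // step), digits, algo)


def verify_totp(secret: bytes, candidate: str, for_time=None,
                step: int = 30, window: int = 1, digits: int = 6) -> bool:
    """Verifier side: accept the current step plus `window` steps either side
    to tolerate clock drift, and compare in constant time to avoid timing leaks."""
    if for_time is None:
        for_time = time.time()
    if len(candidate) != digits or not candidate.isdigit():
        return False
    base = int(for_time // step)
    for delta in range(-window, window + 1):
        expected = hotp(secret, base + delta, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    # RFC 4226 Appendix D: counter 0 -> 755224
    print(hotp(RFC_TEST_SECRET, 0))
    # RFC 6238 Appendix B: T=59, SHA-1, 8 digits -> 94287082
    print(totp(RFC_TEST_SECRET, 59, digits=8))
    print(verify_totp(RFC_TEST_SECRET, totp(RFC_TEST_SECRET)))
```

A server should additionally refuse to accept the same time step twice for a user, since a code observed once is otherwise replayable for the rest of its window.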