Password managers alone are out of the question. In part 3, I go over the method I find to be most secure for personal cold storage. KeePass is involved, but the database is doubly encrypted (by KeePass and the persistent storage volume on Tails). You also need a secondary USB key containing the keystore file. Accessing the contents of the database requires:
- one of the redundant main USBs with the encrypted KeePass database in the persistent storage volume on Tails (which is also encrypted & accessed via password at boot)
- a separate USB with the keystore (which should be redundantly stored in different, multiple secure locations)
- the KeePass password that is either memorized or stored on a separate secure system
An attacker could have 2/3 and still be totally unable to access the system, and if you are storing these properly you should be able to verify their physical security and take measures to move funds if one of the devices is compromised. This is why you should memorize at least one password, whether it's the KeePass one or the Tails encrypted volume one. That way there's no way that somebody can physically steal all the parts.
The wallet should only be used during creation (for testing) and for a one-time withdrawal (at which point you should create a new wallet for maximum security).
RE: Tomshwom's Advanced Crypto Security Guide (Part 2) - Wallet Analysis
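
An added illustration, not part of the original post: a simplified Python model of why the KeePass password and the key file on the second USB are both required, since the database key is derived from the two together. It assumes the KDBX composite-key construction (SHA-256 over the hashed password followed by the key-file bytes), omits the XML key-file format and the key-stretching step (AES-KDF or Argon2) that KeePass applies afterwards, and uses constructed sample values; the function names are hypothetical.

```python
import hashlib
import hmac

def keyfile_component(data: bytes) -> bytes:
    """Reduce key-file contents to 32 bytes (simplified: XML key files not handled)."""
    if len(data) == 32:                      # raw 32-byte key file is used as-is
        return data
    if len(data) == 64:                      # 64 hex characters decode to 32 bytes
        try:
            decoded = bytes.fromhex(data.decode("ascii"))
            if len(decoded) == 32:
                return decoded
        except (UnicodeDecodeError, ValueError):
            pass
    return hashlib.sha256(data).digest()     # any other file is hashed

def composite_key(password=None, keyfile=None) -> bytes:
    """Combine whichever factors are presented into one 32-byte composite key."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += keyfile_component(keyfile)
    if not parts:
        raise ValueError("at least one key component is required")
    return hashlib.sha256(parts).digest()

def unlocks(expected: bytes, password=None, keyfile=None) -> bool:
    """True only if the presented factors reproduce the database's composite key."""
    return hmac.compare_digest(expected, composite_key(password, keyfile))

# Constructed sample values, for illustration only.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_KEYFILE = bytes(range(32))
DB_KEY = composite_key(SAMPLE_PASSWORD, SAMPLE_KEYFILE)

def attempts() -> dict:
    """What each combination of stolen factors achieves against DB_KEY."""
    return {
        "password + key file": unlocks(DB_KEY, SAMPLE_PASSWORD, SAMPLE_KEYFILE),
        "password only": unlocks(DB_KEY, password=SAMPLE_PASSWORD),
        "key file only": unlocks(DB_KEY, keyfile=SAMPLE_KEYFILE),
        "wrong password + key file": unlocks(DB_KEY, "guess", SAMPLE_KEYFILE),
    }

if __name__ == "__main__":
    for combo, ok in attempts().items():
        print(f"{combo:28s} -> {'unlocks' if ok else 'fails'}")
```

The Tails persistent volume is a separate layer on top of this: its passphrase gates access to the database file itself, before the composite key is ever tested.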