KeePass on something normally-offline like a thumb drive is probably a decent compromise where needed, but I'd still encourage people to keep their most sensitive passwords either undocumented or partially/incorrectly documented.