My "computer" is pretty much my USB key. If I use my machine at home, or at work, or basically anywhere at all, I use only apps on my key. I use an encrypted USB key with it (TrueCrypt). I have 5 encrypted volumes on the key.

1. Contains Firefox only and can only be opened with a keyfile. I keep this segregated b/c portable Firefox has a tendency to corrupt encrypted volumes - especially if the key gets knocked while TrueCrypt is mounted and FF is running. This way if the volume borks I only lose FF. Just in case someone comes up to my machine while I'm not there - FF is not set to save temp data or passwords. It runs noscript and cslite and foxyproxy.

2. Contains all my other portable apps. This volume, like the Firefox volume, is only opened by a keyfile. My apps include PortablePidgin + OTR, foobar, vlc, Libreoffice, notepad++, utorrent, xampp web server, CCleaner, Eraser, CyberShredder, Restoration, Foxit PDF, Filezilla, Putty, Keepass, a bundled Firefox/Tor browser that I use only rarely, irfanview, gimp, 7zip, and FreeCommander file manager and many more.

3. Holds my files, pictures, documents, etc... Also opened via a keyfile via TrueCrypt like the last 2.

4. This holds my keyfiles to open volumes 1-3 and volume 5. This one is opened by a 16 character alphanumeric and symbolic password. It contains a keyfile for my keyless ssh login with Portable Putty to my home linux box, and it contains a keyfile to open my encrypted password database for Keepass. The database resides in my "files" volume. The Keepass application resides in my "apps" volume. I cannot access my other volumes, my ssh tunnel or my passwords if I cannot access this volume - but once accessed, all these things are password-less.

5. One for porn that I leave closed until necessary. Only opened by the key file on 4. I generally don't save video - so it's all pics and such.
Now - I have over 400 passwords in my KeePass database (granted a lot of them are various system passwords from an old linux job I had that didn't have centralized auth on their boxes). Each password is unique and I don't know a single one of them. They are all 8-16 characters, alpha-numeric and symbolic when allowed. I set up Keepass to use a keybinding (Ctrl Alt A) to auto fill username and password in websites I visit. I only know a handful of passwords - to my encrypted volumes (on my key and laptop alike), and my work (current) related passwords which I have a whole other system for.

B/c the keybinding will trigger an autofill of the username and password, I bypass keyloggers as well. I hardly ever have to type a password unless it's in a linux shell or in a Windows box for elevated privs, or for my one encrypted USB volume that opens with a password (which I change the PW to every 45 days).

I have a script I wrote that launches volume 4 - prompts for the password, when entered correctly, it automounts the other volumes using the key files with the 4th volume.
Here it is: (filename launch.bat, I added some comments to further clarify the flow of things for you all)

    @echo off
    goto all-tc

    REM ------------------------------------------------------------------------------
    REM Mount Section
    REM ------------------------------------------------------------------------------
    :all-tc
    REM Mount the keyfile volume (keys.tc) as N: using the password in %thepass%
    start TrueCrypt\TrueCrypt.exe /v Truecrypt\keys.tc /l n /p %thepass% /q
    echo Mounting N:
    pause
    echo Loading favorites
    REM Mount the favorite volumes using the keyfile stored on N:
    start TrueCrypt\TrueCrypt.exe /q /cache y /auto favorites /k "N:\truecrypt.key" /w
    pause
    goto all-apps

    REM ------------------------------------------------------------------------------
    REM Apps Section
    REM ------------------------------------------------------------------------------
    :all-apps
    cls
    call justapps.bat
    cls
    goto end

    :end

And of course that calls the justapps.bat which launches my apps:

    start M:\Apps\PuTTYPortable\PuTTyPortable.exe -load "phone-home"
    start M:\Apps\PidginPortable\PidginPortable.exe
    start P:\FirefoxPortable\FirefoxPortable.exe
    start M:\Apps\KeePassPortable\KeePassPortable.exe "R:\Pass\main.kdb" -keyfile:N:\keepass.key
    start M:\Apps\psmenu\psmenu.exe
    start TrueCrypt\TrueCrypt.exe

As you can see it also auto-launches needed applications. It fires off Putty and connects to my home box (setting up a socksv5 proxy that Firefox will tunnel over). Instructions for this relevant part are here. It launches Firefox, a menu application so I have easy access to my portable apps, and KeePass.

While it sounds complex, I stick my key in, double click an icon, type a password and everything auto opens and connects for me. And while my password system is incredibly complex, it's actually made my life simpler - now I just hit a keybinding and bam - I'm logged into whatever. It's much faster than typing everything out. I have scripts for other things too - a script that automates the backup of the encrypted volumes, bash scripts that copy over my portable Windows Firefox profile to my linux /home directory, etc..
Firefox uses the foxyproxy extension - I have a whitelist of sites (mainly work related) that tells Firefox if I go to these URLs to use the local LAN connection - everything else gets tunneled over Putty, and SSH being encrypted, the traffic is not sniffable. Even DNS requests go through the proxy. (It tells you how to do this in the thinkhole.org article I linked above.) I use noscript too, which prevents a lot of online malware and various hijacking attempts. I worked at a company that required we use IE and no other browser, so I just decked out Firefox's theme to look exactly like IE and loaded up IEtab2 for work related sites. (Note anything loaded into IE tab will use your LAN - not the Putty tunnel.)

So throughout the day: I send no traffic over a network that could be monitored on the local LAN. People can tell I'm using ssh on a non-default port but that's about it - only if they do deep packet inspection really, as I'm going over 443 for ssl. The traffic I allow them to see, no one would complain about. Some large organizations would fire someone for doing this, but I've always been in positions where I'm allowed to use SSH for a number of reasons, and I would lie about why I'm using SSH to begin with and let them challenge me on it because I know they wouldn't have proof.

Because my SSH connection uses an RSA key and not a password - my server is more resistant to brute force attempts and no one can grab my SSH password with a keylogger. Here's a HowToForge article on setting this up.

I leave no temp files on the hard-disk - I don't so much as leave a registry key change from my activity on a Windows machine. Because I use a portable file manager - I don't leave any MRU/history data even in Windows 7 from opening directories/folders, etc.. This is great for porn wherever you're at and no matter who you're hiding it from. I have virtually no account that can be compromised by password brute force.
If one of my hundreds of accounts gets compromised due to bad security at the site/system I have the account with, none of my other accounts will be affected by this. No two passwords are the same. Keyloggers cannot grab my passwords either b/c I rarely type them in due to the keybinding setup in Keepass. And if anyone got a hold of my usbkey - the volumes are encrypted and backed up on a machine at home. They can't get to the data, and I have a backup plan. Not only do I have to not worry about someone finding anything on any device of mine, but when I die I don't need a buddy to delete my history or my porn. :-)

A combination of disk and network encryption, obfuscation, and portable apps keeps me secure from anyone and makes my life easier at the same time. The only people who could tell what I'm doing most of the time is my ISP, and when I want to avoid them, I just use Tor or I do a ssh socksv5 proxy to my webhost.

This all started when I had a workplace intent on monitoring and controlling users' browsing and chat habits and it just struck me as a challenge. This was years before I even met my wife and it has proved useful when girlfriends have asked me for my email password - and I can honestly say "I don't know it". Or when they want to use the computer directly after me and I can let them, feeling assured that I left nothing behind that would offend their senses. I since have found a woman who doesn't freak out at her husband's sexuality....but I still use this frequently at work, not to hide donkey porn viewing or anything but hell - just to post on reddit or to chat over AIM or IRC. I find this USB key setup to be fantastic when I use any public computer or computer at friends/family's houses - all my apps, settings, and files go where I go and I stay pretty secure in almost every way.
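An added example, not part of the original post: key-based SSH login only resists password guessing if the server also refuses passwords, so this check reads an sshd_config and reports which password paths are still open. The function names and the three sample configs are constructed for illustration; only port 443 comes from the post.

```python
import re

# OpenSSH defaults for the options that decide whether passwords can be guessed.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated spelling that sshd still accepts for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global_options(config_text):
    """Global value of each tracked option; sshd keeps the FIRST value it reads."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional; only global settings are checked
        values = parts[1].split() if len(parts) > 1 else []
        if key in DEFAULTS and key not in seen and values:
            seen[key] = values[0]
    return {**DEFAULTS, **seen}

def password_guessing_findings(config_text):
    """List the settings that still let a remote client try passwords."""
    opts = effective_global_options(config_text)
    findings = []
    if opts["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    if opts["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is enabled")
    if opts["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    return findings

# Constructed sample configs (not taken from the post).
KEY_ADDED_ONLY = "Port 443\nPubkeyAuthentication yes\n"
SHADOWED = ("PasswordAuthentication yes\n"
            "PasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
KEY_ONLY = ("Port 443\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nPubkeyAuthentication yes\n")

if __name__ == "__main__":
    for name in ("KEY_ADDED_ONLY", "SHADOWED", "KEY_ONLY"):
        print(name, password_guessing_findings(globals()[name]) or "key-only")
```

The check does not follow Include files or evaluate Match blocks; on a live server, `sshd -T` prints the fully resolved configuration.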