I keep all keys, passwords and wallets on an encrypted USB drive and have made some backups of it.
If all the backups would be actually hidden and not one is plugged in all the time for convenience, an attacker must do 2 steps, find one of the backups and get the password that is only in my head. But this is scary too, it's possible to forget a password and lose all coins.