Store your passwords safely
Parts of the following are adapted from a piece I wrote for Tactical Tech’s Data Detox kit, another great resource for digital security. Thanks to Tactical Tech for sponsoring this article and giving me permission to reprint it!
So it turns out passwords that are easy for you to remember are also easy for criminals to guess. What do we do to protect our accounts?
As I’ve written elsewhere, it’s best to have a long, random password for each account, one that you never re-use. Then, instead of remembering passwords, you need to keep them safe.
The safest way to store your passwords depends on your personal situation.
Which of the following is true for you?
Scenario 1: I live with other people who I don’t want to have access to my accounts, or I use my devices in a number of places, like my home, workplace, a relative’s house, coffee shops, etc.
Scenario 2: I live alone, or only with people I trust, and I only use my devices at home.
Pick your technique for storing strong passwords
If scenario 1 is true for you, consider using a password manager. Writing down your passwords could be risky, because other people could look for that list and use it to get into your accounts. Or it could be annoying if you write down your passwords in a notebook you leave at home, and can’t get access to your accounts somewhere else.
If scenario 2 is true, consider putting your passwords on paper. Some security experts advocate that in cases like yours, having a paper list of passwords might be an easier solution than using a password manager. Keep a notebook near your computer or a place where you use your phone or tablet, and keep track of the unique password you use for each site. Ideally, this should be kept in a locked drawer.
What’s a password manager, and how do I use it?
A password manager — like 1Password, LastPass, or KeePassXC, the ones often recommended by security experts — is basically an app whose sole purpose is to protect your login credentials and other sensitive data. A dedicated password manager can usually both store your passwords and create new long, random, unique ones. Most dedicated password managers make it possible to sync your passwords across devices, or even set it up so you can share some passwords with your family or coworkers.
Password managers use strong encryption and other extra security measures. Encryption on dedicated password managers is the best protection you have. It’s much, much more likely that a unique random password will be exposed in a breach than that someone will break the encryption for your password manager and get at all your passwords.
This DOESN’T mean storing your password in your browser. Don’t do that.
Specialized password managers are not the same as having your browser (Safari, Edge, Chrome, Firefox, Opera, etc.) save your passwords. That kind of storage doesn’t provide the same protection as a dedicated password manager. And the “auto-fill” function of your browser can put your passwords at risk.
To keep your accounts safer, don't use the “remember me” or “save this password” functions on a website or in your browser. Learn to recognize the pop-up your dedicated password manager gives you when it's time to save a password. Better yet, copy your password by hand and paste it into that manager.
Putting your passwords on paper means ON PAPER.
When I say “write them down on paper,” I mean ON PAPER. When I say “password manager,” I don’t mean “put them someplace in your computer that you CALL your password manager.” DON’T save your passwords in a document on your computer! If it’s digital, a criminal can find it without physically accessing your device.
Particularly not a document named “passwords.” This is like putting a cherry tree right where all the neighborhood kids can get at it and putting a sign on it saying “DELICIOUS CHERRIES, OVER HERE!” You’re setting up a very attractive target for digital intruders if they find you over a wifi network or get access to your device using malware.
I’ve got one relative who stores his passwords in a password-protected, “encrypted” Mac document on a server. I’ve got bad news for folks like him: that isn’t actually secure. The password protection in programs like Word or Pages is usually pretty easy to crack.
For more steps you can take to protect your digital security and privacy, pick up a copy of Keep Calm and Log On!