Strong passwords can be difficult to remember… sometimes even impossible to remember (and passwords that are easy to remember are often weak). So what’s the way out of this conundrum? Storing passwords, of course! But which storage option is safe?
We’ve seen earlier that strong passwords are actually harder to remember than weak ones. And it’s not surprising… A strong password contains 15 or more characters. Using a strong password for every site you log in to might require some exceptional memory skills, or just a few handy hacks.
So how do you store strong passwords?
Well, if memory-enhancing techniques don’t work, you could write them down, store them in a password-protected text file on your computer, or use a password manager.
Let’s look at the pros and cons of each of these password-storage techniques.
1. Writing down your passwords on paper
This is the old-school way that some people endorse thoroughly.
Pros: Your passwords can’t be stolen by hackers on the internet.
Cons: The book/paper you write your passwords in could be:
- Stolen: Hackers might not be able to steal your credentials, but other people might. If anyone knew that you carried around your banking credentials in a little notebook, why wouldn’t they want to steal it? Sure, your FTP and phpMyAdmin passwords might not look as valuable as your banking credentials, but anyone could use your website to gain anything, even to steal your customers’ or investors’ information and sell it on the net.
- Read by someone other than you: Of course to prevent this, you could write them down in a way that only you could understand, but then again, it would be almost impossible for this information to be passed down to anyone else without you explicitly explaining how to read the document. Besides, what would happen if you forgot how to read it?
- Misplaced: What if you forgot where you put the important little booklet? You would have lost every single password to your website, and would have to reset them all, in which case, you’d have to have an alternative way to store them.
2. Storing your passwords in a password-protected file
This file could be kept on your computer, or on a portable storage device, such as a USB drive, or an external hard-drive.
Pros: Your passwords are less prone to being read by someone else, or lost.
Cons:
- You could forget the password protecting the file.
- Hackers could use keylogging malware to know exactly what your password is.
- Malware could corrupt the file so it’s not readable or retrievable, or so that the file keeps crashing.
3. Using a password manager
Password managers are programs that store all your passwords in a single place, in an encrypted form. It’s like having a password-protected file to store your passwords, in that you need a very strong ‘master password’ to log into the password manager. However, password managers encrypt all your passwords before storing them either on your local computer, or on the cloud. This storage destination depends on the type of password manager you use.
There are three types of password managers. Firstly, there are password managers that are offered as a bonus feature with a security product or other software (like extensions to antivirus software, or to browsers). Secondly, there are standalone password-managing products which store your encrypted passwords on your computer (an example of this would be KeePass). Finally, there are web-based password managers, which store your encrypted passwords in a location known to them, and hence provide the functionality of auto-filling your password fields and even forms.
Password managers too have their own pros and cons.
Pros:
- This is the most obvious one: they allow you to use strong passwords without forgetting/losing them. Some password managers even generate strong, random passwords for you, and store them.
- All your details and passwords are encrypted with high-level encryption. This means that hackers who steal the stored data still have to break that encryption before they can use your passwords.
- Good password managers do not store or encrypt your information on their servers.
- Depending on the type of password manager, you can choose to save your encrypted data locally or on cloud-based servers.
- They’re compatible with all major browsers, so you can auto-fill online login forms with a click.
- Depending on your choice of password manager, premium features include:
  - Access to passwords across different devices.
  - An audit of all passwords, and generation of random, secure passwords to keep credentials strong.
  - Two-Factor Authentication for extra security.
Cons:
- Password managers that store passwords on their own server, or perform encryption on their server, aren’t safe. Unfortunately, even some of the topmost password managers do this. LastPass was hacked twice in July 2016, fortunately by white hat hackers who disclosed the vulnerabilities responsibly.
- Storing the password on your computer has its risks. For example, a hacker could perform a keylogging attack to determine what your master password is.
- The entire structure of a password manager depends on the user’s master password. This means if you forget or lose your master password, you lose access to all your passwords; there is no ‘forgot password’ link. Moreover, if your master password isn’t strong enough, all of your credentials could be hacked.
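To make the "audit of all passwords, and generation of random, secure passwords" feature listed above concrete, here is a small sketch of what such a check does. It is an added example, not code from any password manager; the function names and the sample vault are hypothetical, and the 15-character threshold is the one this article uses.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 15  # the article's threshold for a strong password
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=20):
    """Return a random password drawn from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every character class is present, so the result
        # also satisfies sites that enforce composition rules.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def audit(vault):
    """Map each site to its findings; sites with no findings are omitted."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)

    findings = defaultdict(list)
    for site, password in vault.items():
        if len(password) < MIN_LENGTH:
            findings[site].append(f"shorter than {MIN_LENGTH} characters")
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            findings[site].append("reused on " + ", ".join(sorted(others)))
    return dict(findings)


# Constructed sample vault (site -> password); not real credentials.
SAMPLE_VAULT = {
    "ftp": "Summer2016!",
    "phpmyadmin": "Summer2016!",
    "bank": "correct-horse-battery-staple-42",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(f"{site}: {'; '.join(problems)} -> replace with {generate_password()}")
```

The reuse check matters as much as the length check: a password shared between two sites means one leak exposes both accounts.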
Just as there is no such thing as a completely safe website, there are no completely safe ways to store your passwords. Whichever method you choose to use, the safety of your passwords depends on how cautious and proficient you are in using the storage method.