How to store your passwords securely?


In our last article, we talked about what to do to have secure passwords, and we have come to the conclusion that, in general, long passwords are safe. Today we will talk about different methods of storing passwords, as some ways are better than others.

In your head!

This method is effective if you have a good memory and a small number of passwords. The problem starts when you need to remember a larger number of complex passwords, PINs, and other relevant information. And what happens if you forget a password? You will have to go through a password reminder procedure. In most cases it is fast, but in others it may be problematic, for example with bank account passwords. So the method can be good, but only in a few cases, such as master passwords.

On paper

I would usually not recommend this method of storing passwords, especially if they are kept in an easily accessible place, such as on your desk, under your keyboard, or stuck to your monitor. Any visitor can then see them written on a piece of paper. There have even been cases where passwords stuck to a monitor were visible to TV viewers during interviews!

But there are at least two cases when writing passwords on paper can be a good idea. First, in your will, with a note telling your family what each password is for and where to use it (just to make it easier for them). Second, for important passwords kept somewhere deep and safe, in a sealed envelope. This could be stored, for example, in a safe deposit box.

In the browser password manager

While this method is easy, and allows you to use your passwords on any device without remembering them, by doing so, you allow the password manager provider to have access to your passwords. It can be either Google (if you use Chrome) or Mozilla (if you use Firefox). So the question arises: how much do you trust your browser provider with your most sensitive data? However, because it is extremely simple to use and sync, it may be a good option for less-sensitive data, like passwords for hobby forums.

Password providers

Some companies offer browser plugins, like 1Password, LastPass, or KeeperFill, that are quite good and usually have more options than built-in browser password managers. The issue with them is the same as with the browser password manager, though: you must trust the company with your passwords. Most of them have both free and paid options, so you can try them before buying a plan.

Also, you can ask yourself if those password managers are secure. Even if you trust that the company won’t use your passwords for malicious reasons, you should probably ask your chosen password provider: what if you get hacked?

In a file

But absolutely not in plaintext, as there are many ways in which plaintext passwords can be compromised. Keep the file in a password manager instead. Of course, there is again the matter of trusting the developers of the code. However, there are ways to check it: for example, KeePass and KeePassX are open source software, so anybody can review the source code to check whether they are secure.

As for synchronization between multiple devices, you can just add your password file to any sync provider. The file is encrypted (with your chosen method: AES, Serpent, Blowfish, etc.), so it is secure even if the cloud provider behaves maliciously or gets hacked.

But please be sure to remember your master password: without it, you will never be able to access your encrypted passwords again! Password file encryption in password managers is taken extremely seriously, and even brute force will be problematic because many rounds of encryption are used!
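
To make the two paragraphs above concrete, here is an added example (not code from KeePass or from this article) of sealing a password file under a master password: the key is stretched with many PBKDF2 rounds so each guess is slow, and the file is authenticated so a wrong password or a modified file is rejected. The function names, round count and file layout are assumptions, and the HMAC-based keystream stands in for AES so that only the Python standard library is needed.

```python
import hashlib, hmac, os, struct

ROUNDS = 600_000         # assumed work factor; every guess costs this many rounds
MAX_ROUNDS = 10_000_000  # refuse absurd values read from an untrusted file

def _keys(master: str, salt: bytes, rounds: int):
    # Key stretching: derive 64 bytes, split into encryption key and MAC key.
    km = hashlib.pbkdf2_hmac("sha512", master.encode(), salt, rounds, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so only the standard
    # library is needed; a real password manager uses AES or similar here.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(master: str, plaintext: bytes, rounds: int = ROUNDS) -> bytes:
    """Encrypt and authenticate `plaintext` under the master password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(master, salt, rounds)
    header = struct.pack(">I", rounds) + salt + nonce
    body = header + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_vault(master: str, blob: bytes) -> bytes:
    """Return the plaintext, or raise ValueError on a wrong password or tampering."""
    if len(blob) < 68:
        raise ValueError("file too short")
    rounds = struct.unpack(">I", blob[:4])[0]
    if not 1 <= rounds <= MAX_ROUNDS:
        raise ValueError("unreasonable round count")
    salt, nonce, ct, tag = blob[4:20], blob[20:36], blob[36:-32], blob[-32:]
    enc_key, mac_key = _keys(master, salt, rounds)
    expected = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # check before decrypting
        raise ValueError("wrong master password or modified file")
    return _xor_stream(enc_key, nonce, ct)

if __name__ == "__main__":
    # Constructed sample entry, not a real credential.
    vault = seal("correct horse battery staple", b"forum: constructed-sample-pw")
    print(len(vault), open_vault("correct horse battery staple", vault))
```

Because the salt and round count travel inside the file, the sync provider only ever sees ciphertext, and forgetting the master password leaves no way to recompute the keys.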

Use 2FA!

Technically, this is not another method of storing passwords but an additional layer of security. It is just another way of proving that you are the actual owner of the password. Second-factor authentication can take many forms: a mobile text message, an email confirmation, or an authenticator application (like Google Authenticator).

Choose the most foolproof protection

Unsure whether your passwords are stored correctly? Drop us a message, and we can help you sleep easy again! As experienced business owners and individuals, we know best how to store passwords securely. After all, we too have a lot at stake if our methods turn out faulty. Our Client's data and business reputation are just two of many repercussions we would face if our passwords leaked. We are always happy to help! Our Client's security is what matters the most.




Łukasz Pawłowski

CEO of Sailing Byte

I am running Sailing Byte - a Software House that focuses on Laravel and React, but isn't constrained to them; we have also done projects using C#, Unity, Flutter, SwiftUI and others. My role is to organize and deliver software using Agile methods - by providing experience, technical knowledge and a proper set of tools to cooperate with our clients.

During our journey I have met all kinds of great people, who also took part in our success - both our clients and business partners who are part of our success and who also helped us to elevate Sailing Byte as a Polish software house that is providing quality development not only in Eastern Europe, but also in the UK and USA.
