Being on a first-name basis with the IT guy because you keep forgetting your passwords is a problem. If you can’t remember them, where is the safest place to keep passwords? This article will address the best and worst password storage options. Hopefully, you will stop being the running joke of the computer geniuses.
The safest place to keep passwords is in your mind. Remembering them can be difficult because of strict password policies. Using memory techniques keeps passwords fresh in your mind. Password Managers are another option but are not as safe.
Let me be the first to admit the IT guys used to hate me. They would say I knew just enough about computers to be dangerous. I know what questions to ask to make them work just a little harder. And they always seem to know when I’ve come back from vacation.
Have you ever spent longer than a weekend away from the office only to come back and forget everything? It happens to more people than you might think.
Table of Contents
Safest Place to Keep Passwords
Now I want to talk about how to keep passwords safe. To keep passwords safe on an iPhone, use the integrated password manager that is already installed. This is a good option because it is very convenient since no additional software needs to be installed. The process is easy to understand. And it is also free.
Is Autofill Passwords Safe?
If you’ve ever saved the password on your phone or web browser, you may have noticed it is now possible to auto-fill your password when prompted. Many people wonder if using this feature to auto-fill your password is safe. Generally speaking, it is safe. Just how safe depends on what platform you are using.
If you are saving passwords on your iPhone or in a browser such as Chrome, I would consider that moderately safe storage. However, if you are using a less popular browser or website in order to get the same auto-fill feature, your password could be more at risk.
So if saving your passwords in these applications is not the best, then you might ask where to save passwords.
After just spending the entire lead-up in this article explaining how difficult it is to remember passwords. I’m going to tell you with a straight face that the best place to store your passwords is. Your mind. This is the best way to keep passwords safe.
This is because to date, there is no more secure place to keep passwords. Keep in mind, that problems such as social engineering are the great downfall. Social engineering consists of tactics scammers use to trick people into divulging personal information.
However, this also applies to all the forms of storing your password. Once the technology has advanced to the point where storing your password in only your mind is not safe. This is the time when passwords, as we know them, may cease to exist.
Why are Passwords Important?
So if passwords are so not secure, then why do we use passwords at all? The answer to why we need passwords is because technology is still advancing. Passwords are an artifact of the past.
When the idea of them was first conceived, the major complications such as hacking were not nearly as advanced. One benefit to maintaining this tradition of using passwords is the ease with which users with authorization can gain access.
Other methods that I will describe later in this article are more complex which often makes the process a hassle.
Why Remembering Passwords is So Hard
If you find yourself like me having a hard time remembering your various passwords, it’s not your memory’s fault. Many people will often make the joke that they are forgetful and getting older.
When in reality, there are a number of reasons why remembering your password can be nearly impossible. And with current advances in policy and technology, it’s becoming even more difficult.
The pin code you use every day to unlock your phone or the password to log into your computer daily is easy to remember. Every day you are practicing and strengthening the connections in your brain to remember this information.
However, when there is an application or a website you only use on occasion this becomes more difficult. That’s because over time your brain is processing new information and you are not recalling this old information. So it is fading. That’s why it can be hard to remember your password if you do not use a daily.
Strict Network Requirements
The next factor that’s working against your memory is the fact that network requirements are becoming increasingly strict. Strick to the point of being almost ridiculous. The password requirement policies by network administrators at the server end can often seem too strict and unnatural.
One problem is you need to update your password too frequently for your brain to keep track. The other issue is these policies are forcing passwords to take an unnatural shape. That’s because of the requirement for them to include so many different combinations of numbers, letters, and special characters. People are much better obviously, at remembering basic strings of strictly letters or numbers. But not an extreme combination.
For example, it’s pretty simple to remember the address of 123 Main Street. More so than it would ever be to remember a password where the numbers fall between each letter. (m1a2i3n)
Despite your frustrations with these policies, there is a valid reason for them. It is all done in the name of safety and security for the accounts they protect.
Unfortunately, sometimes the scales of balance appear to shift too far. Not only are hackers kept at bay, but authorized users are as well. This is the case because of these restrictions, authorized users are not permitted access because they find it impossible to maintain their credentials.
Lastly, if all this was not enough there is one more curveball. Different sites require different combinations. Therefore, if you have a password in mind it may not be acceptable to each site. This depends on whether or not they allow special characters for a compatible length.
With that in mind, it is never a good idea to use the same passwords across multiple platforms. This is for the purpose of damage control. But remembering all the different combinations can prove frustrating.
Why You Should Use Complex Passwords
You should use complex passwords because it can have a direct correlation to how much security it provides. Using a strong password may prevent hackers from guessing your password. This is also the case if they know personal details about the user. There are also hacking tools that will attempt to incrementally guess passwords.
Why are passwords case sensitive?
Passwords are case sensitive because it allows the user to have a more complex password without making it unbearably long. For example, an 8 character password has 40,320 combinations. Those same 8 characters using both upper and lower case would create 200 billion possible combinations.
Why are longer passwords better?
Longer passwords are more secure because there are more combinations of characters for the hacker to guess. Even with the use of a program, this process can take hours or years depending on the complexity. This makes longer passwords harder to break. Generally, a hacker would rather move on to an easier target instead of spending so much time and effort cracking one password.
For these reasons, long, complex passwords that include both upper and lowercase characters increase security as the complexity increases.
Why do passwords expire?
Passwords expire because it forces the user to update them periodically. Over time, the likelihood of a password and therefore an account being vulnerable increases. This limits the window of opportunity a hacker has to access an account after they discover a working password.
The practice of changing passwords can also hamper the efforts of opportunistic hackers to sell valid data on the dark web Because it is no longer valid.
How to Remember Passwords
Easy to remember passwords generally mean easy-to-guess passwords. That is unless you use memory tricks much like computers use encryption.
Choosing a topic based on your life is a good start. Word associations make it easier to remember portions of the password easier than a random string of letters and numbers. The trick is to have a system only you know. The way you process how to remember your password is just as important as what these clues are.
Example of a Memory Technique
For example, if I were to try to describe this website FixScam in a coded form, I would probably break it into two words. Starting with the word fix, I would change that into the word wrench. That’s because in my mind a wrench is something you use when fixing something.
For the word scam, I might choose the phrase weight loss. Your choices are endless, but I chose this word because it means something to me. But it sounds random to someone else. If you read my article about receiving spam emails from contacts, I tell a story about my mother. The story is about her receiving a letter when I was a kid about weight loss. Turns out it was a scam and may have inspired my career in cybersecurity a decade later.
So my password reminder would be “wrench weight loss”. From there you would decode it as FixScam.
And to finish it off, you would use a combination of upper and lower case letters as well as special characters to strengthen it. Don’t forget to change some letters to numbers such as the number 1 into an “i”. (f1xSc@2m!)
Personal Passwords are Easier to Remember
One question I don’t blame you for thinking might be how are you going to remember this code as opposed to your password. Why is this easier? And I would say the biggest advantage is because your code is personal to you. You can start with any beginning words that come to mind based on the site the password is for.
The best part is since it requires decoding, it is almost like encryption only you have the key to. Because of this, it is something you can not be afraid of being intercepted or made public. Since it is based on your life experiences only you are likely to decode it into your working password.
For more information, feel free to read our article about changing passwords and its effectiveness against hackers.
What they do is store passwords in an encrypted form that can only be decoded by the password manager. Think of encryption as translating your password into another language. The catch is only the password manager speaks this language. So it is the only thing that can translate the encryption back into a usable password.
They work because they limit the chances your password will be intercepted in a usable form. If a hacker were to find the encrypted version of your password, they would not be able to use it to access your accounts.
Password managers are widely accepted as one of the most convenient ways to save your passwords. Using a trusted company with a good track record will give you the best security.
Best Password Manager
Bitwarden is the program I recommend when a client asks what password manager they should use. Because they are free and open-source they are also the best option that I recommend to you. Their free option allows you to save unlimited passwords over an unlimited number of devices.
They have a strong track record of security which I give credit to their open-source platform. This allows other cybersecurity professionals an opportunity to test for vulnerabilities. Once identified these leaks can be repaired before a major incident. As time goes on and the software is repeatedly battle-tested, the software continues to grow stronger.
If you try it and are interested in additional features, it’s one of the most reasonably priced products out there. I am not affiliated with any of these programs, I just want you to know the best options.
Alternatives to Bitwarden
Google Password Manager, which you may also know as the Chrome Password Manager is also free. If for some reason Bitwarden did not fit your specific needs try this one. Not only is Google a free option, but it is also a convenient choice that is already built into Chrome and Android devices. I do have hesitations about the security of a web browser-based password manager. Just be aware this is not the most secure option, but it may suffice.
1 Password is another popular solution. But as opposed to the other programs, they only offer a trial before requiring purchase. I do consider them more secure than LastPass. But it can be hard to justify the price tag in the face of viable and free options as listed above.
Lastpass is the last password manager I would use. They do provide both paid and free versions that give different levels of functionality. However, my main cause for hesitation is due to the many security incidents over the past decade. You can attribute some of these to the popularity and longevity of the program. However, with other valid alternatives above, no thank you.
Password Best Practices
- Use a strong password that includes special characters
- Lock your computer before you walk away
- Do not store passwords on your screen or under the keyboard
- Avoid sharing passwords with friends and family
- Change your passwords often
- Do not use the same password for multiple accounts
Using a strong password that includes special characters will make guessing it take a lifetime.
Do not leave your computer unattended in a public place or workspace. For Windows users, use the Windows Key and the letter L at the same time as a shortcut. I probably use it 50 times a day without even thinking about it. This doesn’t have to mean you don’t trust your coworkers. It’s just good personal practice and mental disciple.
Storing your password on a sticky note anywhere but home is a bad idea.
Avoid Password Sharing
Sharing passwords is a bad idea because of the old adage that loose lips sink ships. Why you shouldn’t share passwords with anyone is the fewer people that have access to passwords, the fewer opportunities there are for problems. Whether they are your coworkers, your spouse, or your children the reason why not to share passwords remains the same. It is your password, not theirs.
The only way to keep a secret between two people is if one of them is dead.
A better solution would be for each person to have their own individual accounts and passwords. Think of a ship with many different compartments inside of the hull. During a breach without these different compartments, the entire hull would fill with water and sink the ship. But with them separated, if only one or a few are compromised, the ship can remain afloat.
Changing your password often will safeguard your account if your password finds its way onto the dark web. Also, at some point, you may become aware of fraudulent activity involving one of your accounts. When this happens, the US Justice Department recommends here to change your logins, password, and pins. This is good advice because it is simple and free. It also prevents further damage from occurring.
Once your password is compromised, how many accounts share this password determines how many are now at risk. When you use different passwords for each account, it makes more of your accounts safe from breaches.
Trash and Mail Theft are Real Threats
Since you’re reading this article, you are probably concerned about keeping your personal information such as passwords out of the hands of criminals. It is not often enough that we remind people to secure their documents. Based on my experiences working with law enforcement, stealing trash and mail is a major problem.
Before you throw your rough drafts, junk mail, and any documents into the trash, first use a shredder. You may not realize that some of this information includes sensitive information such as account numbers. You may have written something on the back such as a password and forgotten about it.
The shredder you choose doesn’t have to be anything fancy or expensive. Just using this cheap tool could save you plenty of frustration later.
Learning how to remember your complex passwords is the best way to keep them safe. Some places have strict policies that make remembering passwords hard. But having too simple of a password makes it easier for hackers to steal them.
By using simple memory techniques, you can scramble your passwords into more memorable phrases. Only you will be able to decode them into a usable password.
It’s ok to use a password manager. They are helpful to keep your passwords organized and accessible. But be wary of providing credentials to banking and financial sources. No password manager is immune from vulnerabilities.
To see the methods hackers use to steal passwords, read our article about how hackers find vulnerabilities.