Keeping passwords organized and safe is a huge task for everyone. In this era of IoT and BlockChain, information is power. The world’s top corporations and companies chase data because data gives business insight. This is even more true when the data is sensitive, like passwords.
Unless you have a great eidetic memory, it is also impossible to remember all your passwords without storing them. No site or app is completely safe from cyber attacks. You should consider organizing and storing them with extreme care.
In general, people are too careless and oblivious when it comes to keeping passwords safe and organised. If you are a statistician you will agree:
- DataProt says, more than 53% of people rely on memory to manage passwords. About 32% use the browser password storage feature and 26% use a spreadsheet.
- But! About 37% of users also say they had to use the forgot password feature to change their passwords almost EVERY month because of forgetfulness.
- Also about 71% of accounts have passwords that have been used for multiple services!
Clearly these people are greatly misjudging how important it is to keep passwords safe and how to keep them organised. Do you think your passwords are safe?
In this article, we will go through a few key ideas on how you can keep passwords safe plus organised.
Why Is Keeping Passwords Organised Important?
We have established that passwords are needed everywhere. There is no escaping that at least for a significant time in the future. It is true that biometric devices, social media authentication and email authentication are becoming popular. But, that said, text-based passwords are the norm and they are not going away anytime soon.
And using one password everywhere is a huge mistake. It puts all your accounts at risk. A potential compromise in one place could lead to a personalised attack. Spear-phishing, for example, takes advantage of this fact. From emails to bank accounts, you should try to use different passwords with enough complexity. But if you do that, you will have 100s of passwords on your hands.
The human brain finds recognition way easier than recollection. Storing your passwords in a safe location for later retrieval is the best solution for this modern dilemma.
You need to organise your passwords to keep them safe. It is very easy to store passwords in the wrong places that could compromise their safety. In general, people use a number of ways to store them. We will discuss a few of them here.
A few Popular Ways to Store Passwords:
1. Offline Paper-based Password Storage
For people skeptical about storing passwords by electronic means, this is a great solution. You can write down all accounts and passwords on paper. It is true that with the correct means, almost every technology is hackable. But paper is not.
There are some great password keeper journals available on the market that make this easier. Some of them even come with a mini lock. Some key things to keep in mind before using paper-based keepers are:
- Write down the password with a pencil – You might want to change the password in the future. Sometimes you might even be mandated to change the password after a given amount of time.
- Use hints – Never write down the actual password. For example, write country2+car1 (the second country you visited and the first car you owned) for AustraliaBentley.
- Rearrange letters – Sometimes you might have to use passwords that cannot be hinted. In that case, consider writing it down in reverse. Or just use an anagram. For example, 21abeo7d could be written down as d7oeba12.
- Store it in a safe location – Use a locked drawer or a safe. If it is a fairly small list and you use it often, you can even put it in your wallet/purse. Never ever leave it out in the open.
- Do not label it – Do not label the book with PASSWORDS on the top. You will be giving it away if you do that.
- Do not use Post-Its – A common trend is to use a post-it to write down passwords and place them under the keyboard or even on the desk! This should never be an option.
- Do not cross reference – Never write down “same as Facebook”. You might have to change your FB password at some point and forget to change this reference. Linking around passwords can become very messy very soon.
2. Browser Based Password Storage
I bet you’ve used this before.
This is one of the most convenient ways to store and use passwords. Almost every browser has a password storage feature. Add to this an auto fill feature; you do not even have to type out any of your passwords.
Here are some big-time internet browsers and where you can find stored passwords:
- Google Chrome – Settings -> Auto fill Settings -> Passwords -> Manage Passwords in Google Account
- Mozilla FireFox – Settings -> Privacy & Security -> Logins & Passwords -> Saved Logins
- Safari – Keychain Access (Part of macOS) or Preferences -> Passwords
All browsers encrypt passwords locally before storing them. But the key is also stored locally, and a password is decrypted back to plain text whenever it is used. It is possible for someone with access to your machine’s login password to hijack and view them.
All browsers allow you to view the passwords.
Chrome, for example, lets you view the passwords on macOS and Windows once you enter the machine login password. On Linux, you don’t even need that! Firefox has improved its security in a recent update: if any of your online accounts were involved in a website breach, an icon indicator next to the URL informs you of it.
Safari provides improved convenience using Keychain. Keychain is a macOS/iOS cross-platform feature that allows storage of passwords in one location. It is an electronic password manager that stores the passwords in a database. You can access passwords from all your iOS/macOS devices without storing them multiple times.
Note that browsers, although they have evolved to incorporate password safety, were not originally designed for storing passwords. Electronic password manager applications dedicated to password organisation are a big upgrade.
3. Dedicated Password Manager Apps
Arguably the safest option.
Over the past decade, there has been an increasing number of password management applications that store passwords in databases. They have layers of security and are built for this sole purpose. As we already saw, Keychain is one such password manager.
Most of these applications are locally installed and the encrypted database can be local or on the cloud. Applications that do not use the cloud are completely offline, and there is no leakage of data via the internet. They alert you about phishing sites. You can pass down sensitive information in the case of death via digital inheritance.
They come with features to check password strength, vulnerability and age, to share passwords safely, and to store confidential information, certificates and keys. They provide a one-stop solution for storing sensitive information. Some popular options are:
1. LastPass
- Check password for compromised passwords, strength and age.
- Comes with a digital wallet to store payment information.
- Storing digital records and dark web monitoring.
- Free plan does not limit the number of passwords that can be stored
- Cross OS Compatibility – Windows, macOS, web client, iOS and Android.
- It is also available as a browser extension for Chrome.
- Premium costs $3/month
- Comes built-in with Apple machines (macOS and iOS). Apple is known for valuing privacy and security over everything else.
- Keychain items are encrypted using two different AES-256-GCM keys: a table key (metadata), and a per-row key (secret-key). They are not backed up to avoid risk.
- Website login data is usually stored in the d and network data like wifi passwords are stored locally.
- The passwords are stored with Name, Kind, Account, and secure comments.
- A password assistant also generates passwords based on length, type and quality parameters.
- 50 passwords for single device under free-tier.
- Multiple devices and unlimited passwords require a premium upgrade.
- Much better user interface than other password managers.
- It is compatible with Windows, macOS, iPhone, iPad, and Android.
- Cloud passwords are AES (Advanced Encryption Standard) encrypted
- It is also available as a browser extension for Chrome.
- $3.33/month for premium and $4.99/month for family (maximum 5 members)
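The reuse, strength and age checks that these password managers advertise can be sketched as an audit over a password inventory. This is an added example, not code from any of the products above; the services, passwords and dates are constructed, and the thresholds (365 days, 60 bits) and function names are assumptions chosen for illustration.

```python
import hashlib
import math
import string
from collections import defaultdict
from datetime import date

# Constructed sample inventory: (service, password, date last changed).
SAMPLE = [
    ("mail.example", "Tr0ub4dor&3-horse", date(2024, 1, 10)),
    ("bank.example", "Tr0ub4dor&3-horse", date(2023, 3, 2)),
    ("forum.example", "summer2020", date(2020, 6, 1)),
    ("shop.example", "q7#Lw!x9Vb2$Rm4z", date(2024, 5, 20)),
]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def entropy_bits(pw):
    """Crude upper bound: length * log2(size of the character classes used).
    It ignores dictionary words and patterns, so real strength can be lower."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def digest(pw):
    # Compare digests so the grouping never handles plaintext as a key.
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()

def audit(entries, today, max_age_days=365, min_bits=60):
    """Return {service: [issues]} with issues from: reused, old, weak."""
    services_by_digest = defaultdict(list)
    for service, pw, _ in entries:
        services_by_digest[digest(pw)].append(service)

    findings = {}
    for service, pw, changed in entries:
        issues = []
        if len(services_by_digest[digest(pw)]) > 1:
            issues.append("reused")  # same password on another service
        if (today - changed).days > max_age_days:
            issues.append("old")     # not rotated within the age limit
        if entropy_bits(pw) < min_bits:
            issues.append("weak")    # too short or too few character classes
        findings[service] = issues
    return findings

if __name__ == "__main__":
    for service, issues in audit(SAMPLE, date(2024, 6, 1)).items():
        print(f"{service:15} {', '.join(issues) or 'ok'}")
```

The compromised-password check that the managers also offer needs a breach data set and is not covered by this sketch.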
Organize Your Passwords Right Now
It is obvious that computing power keeps increasing every year. A hacker with state of the art computing power is a hacker on steroids! You are only safe because you are not targeted. And you are not targeted because there are bigger targets out there. So organize your passwords today to improve productivity and safety.
These password managers make using online services a lot easier and safer. It is wise to invest in a good password manager if you have to use sensitive information regularly. They offer a simple life hack, but one that is much needed. Weigh your options and choose a method based on the nature of your work.
An engineer and a tech enthusiast, driven by curiosity.