Password Storage

When considering how and where to store passwords you should consider:

• Access – Where and how do I need to access these passwords? Just on one device, or will I need access to these passwords on my phone, tablet, and laptop?
• Control – How much control do I need when sharing my passwords? The more control you have, the more secure your password(s).
• Complexity – This is easier/better with certain methods, and some allow completely random extremely complex passwords to be generated and you never need to know the password as the management software will do everything for you, whereas others rely on you to generate your own passwords.
• Overall ease of use – If a solution isn’t easy to use and manage, you’ll probably use it less, so whatever you choose needs to be easy to use for you!

A dedicated Password Manager

The best method of password storage is always a dedicated, reputable password manager.

I’m sure you’ve heard about various solutions and as the market changes regularly we won’t mention specifics here, but a quick internet search for “Best password managers” or similar will probably start you on the right path. You can always ask IT Support or a technically minded friend for recommendations as to what they use as well.

Access – These are often synchronised and stored securely online and many come with mobile and desktop versions of their applications, they can also (often) automatically fill your passwords into known websites as well, saving you having to go searching.

Control – You can usually share your passwords directly from the password manager, and sometimes even prevent the end user seeing the password itself, but the app is able to automatically fill it for them! This does require both parties having the same service/app for password management though.

Complexity – Using a dedicated password manager allows you to either use the previously mentioned methods of password generation, or you can generate something completely random like “RSeSkvlIjesSthCOq8W$ac5ne9V2jQESJ#3L” and you never have to type it out manually! This is the most secure type of password, however it’s essentially impossible to remember so can only be used with a password manager to accomplish this level of security.

Ease of use – Because this solution fully manages the password the technology can essentially remove the cumbersome nature of complex passwords and make signing into all your services much easier in the long run. One thing to note is that you need to have one dedicated “master” password you must remember, and this must be as complex as possible, otherwise if this is compromised, you’ve handed over the keys to the kingdom!

Setup Multi-Factor Authentication on your chosen password manager if it’s available.

This is an 8/10 as it’s the most ideal solution on the market today.

Your Browser’s built in Password Manager

This is the second-best method and shares many features with the dedicated password manager solution, however there are drawbacks of using this solution.

Access – Although this is getting much better, it can be harder to get passwords to be accessible across devices.

Control – They often don’t have a method to securely share passwords with others, so to would have to rely on writing passwords down or copying it out manually, and hoping the other person doesn’t misplace the paper, or further share the password with others. There are also very easy methods to extract all your passwords if an attacker has access to your computer as well.

Complexity – Provided the issues regarding access and control can be overcome, complexity is on par with a dedicated password manager application.

Ease of use – As with complexity, providing that access issues can be overcome, this is almost as easy to use as a dedicated password manager and would still be an acceptable method of password storage.

6/10 as it does have a few key drawbacks, however it’s still a very capable solution for many.

Memory

This method is the best if you have a great memory, you could pair this with the Paper Password Generator method we previously discussed to help boost your ability to remember multiple complex passwords, however this technically reduces the security of your passwords as they are written down.

Access – This is as good as your memory is, remembering 100’s of unique passwords isn’t easy for many people, however for remembering a single complex master password this is perfect. The password(s) would always be available to you as well.

Control – You have full control over what you share and who you share it with, so this is more secure than all other methods provided you can keep a secret!

Complexity – This is often where our memories can let us down. We often have to sacrifice complexity to be able to fully commit passwords to memory, so this is often an issue that needs to be overcome. Only remembering a master password or using the Paper Password Generator can be useful here.

Ease of use – As long as you have a good memory, this is almost as easy to use method as a password manager, however unlike the password manager you would need to type the passwords manually.

I give the memory method a 5/10. It’s the most secure however being able to accurately remember all your passwords can be a challenge for many. You also need to factor in that password managers can automatically fill your passwords for you as well.