How to store your passwords safely

26.2K views
8 min read

Passwords are one of the fundamental features of our digital lives. We use them to log in to apps, guard our social media profiles, access banking, and even unlock our Macs

Even though passwords are meant to keep us and our data safe, most people don’t pay enough attention to their password strategy and leave security gaps as a result. For example, they store passwords where other people have access to them, reuse the same passwords multiple times, and don’t come up with passwords that are hard to guess.

While there are technologies that might replace passwords eventually (e.g. passkeys), passwords will still play a key role in our digital lives for years to come, so it’s important to learn to manage, store, and use them securely.

All the ways to store passwords

“Where to store passwords?” is the first question that most people looking to improve their password management have. 

Here are some of the most popular (but not necessarily secure) ways to store your passwords: 

  • In your head. Some people try to remember their passwords. While no one can steal passwords from your head, the problem is that you might forget a password that’s too complex or start reusing it everywhere, since remembering multiple complex passwords is difficult. 
  • Written on a piece of paper. Whether it’s a post-it note on your screen or a notebook in your backpack, writing passwords down allows for complex combinations but leaves them exposed for others to see. Plus, paper is easy to lose. 
  • A digital note on your phone or Mac. Having notes written down digitally is safer than keeping them on paper and more portable. But if someone gets hold of your device, they would also be able to log in to every aspect of your digital life.
  • Using Apple ID, Google, or Facebook to log in. A safer way to log in online is by using one of the large services (for which your password is complex and secure). The problem is that not all apps and services allow this type of a login and you don’t necessarily want Google or Facebook to hold the keys to your digital life.
  • Saving passwords in Keychain Access. Keychain Access is a free utility that’s installed by default on your Mac and used by Mac’s own services. While it does have a user interface, Keychain Access might be too confusing for most people to navigate, as it wasn’t designed with the ease of use in mind. 
  • Keeping passwords in the browser. Most browsers, be it Safari, Google Chrome, or Firefox, offer to save passwords in their own settings and automatically autofill them when needed. While that’s secure, it’s important for users not to reuse the same passwords. In addition, it would make it difficult to switch browsers or store passwords for local macOS or iOS apps.
  • Relying on a password manager. Password managers are the best way to store passwords today. They make it easy to generate complex passwords, work on all devices, and log in to both websites and local apps. 

What’s the best password manager?

If you want to use a password manager as the safest way to store passwords, you might not know where to start. There are lots of apps out there, both paid and free, and it’s difficult to tell them apart. 

We suggest starting your research with two great options: Apple Passwords (iCloud Keychain) and Secrets. 

Apple Passwords is a free and secure (but somewhat limited) password manager that’s available on all Apple devices by default. While the password functionality has been available on Apple devices for a long time through Keychain Access and iCloud Keychain in Safari, it’s only since macOS 12 Monterey and iOS 15 that Passwords has become a standalone feature inside Settings. 

A list of updated Apple Passwords features is impressive: 

  • Store passwords and sync between devices
  • Generate complex passwords
  • Set up 2FA (two-factor authentication)
  • Add custom notes to passwords
  • Share passwords securely with others

There are, however, a few key features missing: 

  • Organization by tags or vaults (to separate work and personal logins)
  • Other categories (secure notes, credit cards, documents, licenses)
  • Cross-platform integration with Android or Windows
  • A standalone app outside of System Settings

    Apple Passwords settings

Secrets 4 is another app we recommend and the best way to save passwords in our opinion. A standalone app for Mac, iPhone, and iPad, Secrets is secure, lightweight, and easy to use. The app will autofill passwords anywhere you need them and you can import passwords from other password managers you’ve used previously as well.

Plus, you can store more types of confidential information other than passwords — anything from license keys to credit cards to secret notes.

Key features of Secrets: 

  • Beautiful, secure, and easy-to-use apps for Mac, iPhone, and iPad
  • Seamless syncing between devices
  • Strong password generation and import
  • Password autofill anywhere you need them
  • Sharing passwords selectively and securely with anyone

Some drawbacks of Secrets 4: 

  • No apps for Android and Windows yet
  • The app is not free unless you’re a member of Setapp

    Secrets 4 password manager

How to manage usernames and passwords

Most websites and apps ask you to come up with a username and password combination to be used for login. 

While the safest way to store passwords is with a password manager, you should make sure that your passwords are unique and complex. Use the built-in password generator and set the length to above 12 characters, including numbers, capital letters, and special characters. 

It would be even better if you can make your usernames unique as well. One trick is to use a password generator but set it to “memorable words” and pick any combination for your username from there. If the username has to be your email, you can use the Hide My Email feature within iCloud to generate unique emails for each service that would later forward all emails to your main email. This is also a great way to get rid of spam.

Hide My Email feature in iCloud


Find saved passwords and passkeys in System Settings

If you’ve been using Apple Passwords primarily through the Safari autofill, you might not know how and where to retrieve any given password if you need to copy it somewhere else. 

Here’s how to find passwords in System Settings: 

  1. Go to System Settings ➙ Passwords.
  2. Enter your Mac password.
  3. Click the i icon next to any password..
  4. Hover over the hidden password to reveal it or click and then Copy Password to copy it. You can click to copy the username too. 

    find passwords in System Settings

Turn on iCloud Keychain on your Mac

iCloud Keychain is the end-to-end encrypted feature that works across all Apple devices to autofill your passwords, usernames, credit cards, security codes, and more. 

If you’re using Apple Passwords, it’s strongly recommended to turn iCloud Keychain on: 

  1. Go to System Settings.
  2. Click iCloud ➙ Passwords & Keychain.
  3. Toggle Sync this Mac on.

Once turned on, iCloud Keychain would automatically suggest autofilling logins with your favorite websites and apps. 

iCloud Passwords & Keychain settings

Ask Siri to find saved passwords

Those who don’t want to dive deep into System Settings to retrieve a password would be happy to know that Siri’s got their back! 

You can ask Siri to open Apple Passwords, even on a specific page by saying “Hey Siri, show my passwords” or “Hey Siri, show my Facebook password.” 

This can be done on Mac, iPhone, and iPad, and is even easier when you have the Face ID authentication enabled. 

How to unlock passwords in Safari

You might know that you can also access your saved passwords through Safari’s settings: 

  1. Go to Settings in Safari (Command + ,).
  2. Navigate to the Passwords tab.
  3. Enter the main password to access.

    password manager on Safari

View saved passwords in Chrome

If you’re a Google Chrome user on Mac or Windows, for the longest time you couldn’t use iCloud Keychain to save and autofill logins. But now you can. 

iCloud Passwords is available to everyone as a Chrome extension, which you can install for free from the Chrome Web Store. For the extension to work, you need to have macOS Sonoma installed or iCloud for Windows if you’re using a Windows computer. 

iCloud Passwords Chrome extension

Is it safe to store passwords in the cloud?

Some people are wary about using iCloud Keychain, since it requires the logins to be synced over the cloud. 

In theory, exposing your passwords to the internet creates more opportunities for hackers to steal them. In practice, if you rely on large and well-known companies that deal with security issues every day, your passwords are much safer than they would be when stored on your device. 

In this way, the end-to-end encrypted iCloud syncing that both Apple Passwords and Secrets use is just about the safest way to store passwords out there. 

How hackers access your passwords

When you hear about hackers stealing someone’s passwords, it’s almost never due to breaking into Apple’s or another major company’s servers. 

Most people reuse the same easy-to-guess passwords and keep them in the plain text format. Even worse, when they hear about a breach at one of the services they use, they don’t change that same password anywhere else. 

That’s why good password hygiene is so important. A few rules of thumb can protect your identity and privacy, and prevent your personal information from ever leaking online.

Tips to protect your passwords

There are a few tips that everyone should follow to safeguard their identity online: 

  • Use a password manager, don’t keep passwords in your head (we recommend Secrets).
  • Make passwords as complex as possible (12+ characters, numbers, capital letters, special characters).
  • Never use the same password twice — just store unique passwords in your new password manager.
  • Regularly check whether any of your passwords have been leaked with a website like haveibeenpwned.com.
  • Enable 2FA (two-factor authentication) wherever it’s available.

    check if passwords pwned

While turning on and keeping track of 2FA codes might seem like a chore, it will significantly improve your security on all websites. And apps like Step Two make it a seamless process. 

Step Two is a lightweight app that stores and updates 2FA codes to all the apps and websites you use. Just scan the 2FA QR code with Step Two, and you’re all set. Plus, all your codes are synced via iCloud to your Apple devices and can be easily auto-filled on Safari at any time. 

Step Two

As you can see, the best way to save passwords is using a reliable password manager like Secrets with a 2FA app like Step Two. Other than that, following a few security tips would quickly get you to the 99 percentile of all Mac users in terms of security. 

Best of all, Secrets and Step Two are available to you for free during the seven-day trial of Setapp. Setapp is a platform of more than 240 apps for Mac and iOS across all possible categories. Browse the whole collection at no cost and download new apps to explore today!

250+ apps for $9.99
per month

Sign up to Setapp and try them for free.

Security-tested