How to store your passwords safely
According to a study by Cyber Streetwise, the average person has 19 different passwords. With the importance of creating strong passwords — a combination of upper and lower-case letters, numbers, and special characters — it's little surprise that 1 in 3 people struggle to remember them.
In this article, we’ll show you how to securely store and keep track of your passwords and online logins so that you don’t get locked out of your favorite websites.
The common ways to store passwords
When it comes to where to store passwords, there is no shortage of options, but some methods are more secure than others.
Let’s look at the most popular ways and their effectiveness:
- In your head — A great option as far as security is concerned but not great for retrieval. As we mentioned earlier, a third of people struggle to remember passwords. With security for banks and emails tighter than ever — to prevent cyber attacks — it is not the best scenario to reset your passwords all the time.
- Paper — Useful, but not secure, unless the paper is hidden away under lock and key. A post-it note stuck to your monitor or scribbles in a notepad on your desk leaves passwords vulnerable to theft.
- Phone — Passwords stored in a notes app on your phone are at the mercy of your phone being lost, damaged, or stolen. And even if your notes app syncs with the cloud, you face a challenge of trusting the cloud provider.
- Computer file or desktop — Word processor documents or passwords stored in Notes are at risk of being stolen by anyone with access to your computer, be it in person or via a virus. ZIP files and password-protected documents are more secure, but not fully so.
- Browser — A simple solution that remembers and pre-enters passwords to your favorite sites so you don’t have to. It works across all devices too. However, as a successful attack on Opera’s systems showed, security measures aren’t impenetrable.
- Email — Passwords sent to yourself or anybody else via email aren’t secure, unless you use an app like Canary Mail — the most secure email client with PGP encryption. A study by CPP Group found it was possible to teach people with even limited technical knowledge how to hack into an email account in less than 15 minutes.
- Keychain — Mac’s Keychain Access password management software is protected by 256-bit AES encryption (iCloud, by comparison, is only encrypted with a minimum of 128-bit AES), making it a decent option to store and access passwords across your Apple devices.
- Password managers — Operating as an online storage locker for all of your passwords, this option means that you only have to remember one password to access the rest. Managers let you store unique, strong passwords for different sites and use industry-standard encryption to keep them safe.
Free ways to track all your passwords
The stronger passwords you create, the easier they are to forget. And the more you forget, the more likely it is for you to create easy-to-remember passwords instead. But with approximately 95 passwords stolen every second, you can’t take the chance of using a few weaker but memorable passwords over less memorable stronger ones. So you need to track them. You can do this for free using any of the methods below.
Write them down
Putting passwords into a spreadsheet or Google Doc is a simple way to store them. Files can live in the cloud which is useful for accessing them across different devices.
If you’re saving files to your computer, improve your chances at security by locking them down in a password-protected encrypted folder and burying them deep within system folders. Always make sure the file is given an anonymous name and never use the word “passwords.”
Use Facebook, Twitter, or Google to log in
An increasing number of websites come with the option to sign up and log in using your Facebook, Twitter, or Google credentials. This means you don’t have to worry about creating (and possibly forgetting) new passwords. Of course, it doesn’t work for every website and requires your social passwords to be rock-solid. You’ll also be putting your faith in these sites to protect your information. They do go out of their way to do this, but there is always risk.
A built-in password manager for macOS, Keychain Access lets you store and track all of your passwords. It’s a management tool that uses your admin credentials as the master password, and is one of the best ways to store passwords.
iCloud Keychain keeps your Safari website usernames and passwords, credit card information, and Wi-Fi network information up to date across all of your approved devices that are using iOS 7.0.3 or later or OS X Mavericks 10.9 or later.
iCloud Keychain can also keep the accounts you use in Mail, Contacts, Calendar, and Messages up to date across all of your Mac computers. And when you sign in to Facebook, Twitter, LinkedIn, and your other Internet accounts, iCloud automatically adds your usernames and passwords to all of your devices.
Store them in your browser
Most popular browsers offer standard password storage. Logins can be stored at the click of a button and entered automatically, saving you a lot of time. However, this option only works for online passwords. Desktop passwords will require another solution.
Manage passwords in Google Chrome
- Open the Chrome menu using the button on the top right of the browser toolbar.
- Click on the Settings menu option (or type chrome://settings/ in the address bar)
- Choose Advanced at the bottom of the page.
- In the “Passwords and forms” section, click the Manage passwords link.
Here's you can manage all stored credentials:
- To see the password, click Preview
- To delete saved item, click More
- To access your passwords from any device go to myaccount.google.com/general-light
Is it safe to store passwords in the cloud?
Data stored on your computer feels safe. It sits in a file away from the prying eyes of the internet. Data stored in the cloud is out there in the big wide world. It doesn’t feel as secure.
However, passwords stored in the cloud are no more at risk of hacking, natural disasters, and power outages than locally saved passwords. The reputation of cloud providers is staked on their ability to protect the sensitive information of their customers. Every effort is made through data protection policies and industry standard encryption to keep passwords safe.
That said, peace of mind is everything when putting your faith in the cloud, so only ever choose to store your passwords in an app that uses OpenPGP format and AES, RSA, and SHA encryption standards for maximum security.
Storing and remembering passwords securely
To handle passwords effectively while enjoying easy access and the convenience of having web page logins filled automatically, a password manager is your best option.
Password managers keep all of your passwords in one place and can even create new passwords to save you the effort. Better still, you’ll only need to remember the password to login to the password manager.
There are hundreds of password managers on the market. Some are free, and some cost thousands of dollars. Some offer more features than you’ll ever need, and some just cover the basics.
The password manager for Mac we recommend at Setapp is Secrets. It’s simple, secure, and offers everything you’ll ever need in a password manager:
- Stores all passwords, bank details, credit cards, and other sensitive data in one place
- Features a simple user interface
- Automatically fills logins on Chrome and Safari
- Syncs passwords across Mac, iPhone, iPad, and iPod
- Generates unique, strong passwords, including one-time passwords for services that support two-factor authentication
- Allows imports of passwords and information from CSV files and popular apps and services, including 1Password, LastPass, and RapidoSerial
- Allows the creation of recovery keys to unlock data in case a password is forgotten
- Stores data in the industry standard OpenPGP format with encryption in AES and RSA algorithms
- Handles and encrypts data — no browser extensions or third-party apps can access information
- Automatically locks to keep passwords safe if your device is lost or stolen
How to manage usernames and passwords
Finally, keep your accounts secure by taking the following steps to manage usernames and passwords for all online and offline accounts:
- Never use the same username and password across different online accounts
- Use a password manager to remember logins for websites that you use regularly, but opt for a dedicated app over an in-browser feature
- Enable two-step verification for your Apple, email, and social media accounts
- Reset passwords regularly and use a password generator to create an unpredictable combination of letters, numbers, and special characters
Safe storage of your passwords is critical for the security of your online accounts. Writing passwords down and hiding them away is a better solution than trying to remember them, but for total peace of mind, you should go with a password manager.
Try Secrets, a simple and secure password manager included in the Setapp app collection. As a bonus, there’s a free iOS app to help you take control of your passwords across all of your devices.