Computer passwords aren’t new, but for many people, they’re more frustrating than ever. Until recently I provided tech support at a college, and lost passwords were the most common issue I helped people with. Most of us have even more online accounts than we did five or ten years ago, making it tempting to use the same, easy password across multiple accounts. But weak or compromised passwords can result in scary data breaches and cyber attacks. According to Security Boulevard, ransomware is more of a threat than ever. So how can you keep your passwords strong and your business protected while also maintaining your sanity? Here are three secure, expert-recommended methods. Pick the one that works best for your lifestyle.
1. Analog: Paper, pencil, and dice.
Sometimes low tech is still the best solution. As a professional librarian for over a decade, I relied on the Electronic Frontier Foundation’s (EFF) Security Self-Defense kit to help my community members get started with basic internet security. In their article on secure passwords, they provide a method for using dice and a word list to generate a password.
If someone has told you don’t ever write down a password, they must have a better memory than most of us. It’s very dangerous to use the same, simple password over and over (yes, I used to do it, too), so people without photographic memories, like myself, will have to store their passwords somewhere. If you store your passwords somewhere online (as with the methods below), you could get hacked and not even know it. If you put your passwords in your wallet or your house, at least you would know if they were lost or stolen!
I’ve also forgotten the password for the digital location where my passwords are stored. Yikes! Now, when I change the password to my password manager (more on that below), I write it down on paper and hide it until I have it memorized. You may decide to keep some important passwords on paper, or all of them. Just be sure to update your log every time you generate or change a password.
2. Browser-based: Saving passwords where you use them the most.
If you don’t have a password strategy yet, chances are some of your passwords are stored in your browser (the app you use to access the internet--maybe Chrome, Safari, Firefox, or Edge). It’s easy to save passwords to your browser without realizing it. Maybe a frequently-used password pops up on your iPhone, but not your PC. If so, you are probably already saving some passwords in your browser.
A lot can go wrong with this approach. If you don’t intentionally sync your passwords across devices, you may suddenly realize the password you need is saved on another device’s browser. And this approach can also be dangerous on a shared computer. If you don’t log out of your browser, your passwords may pop up for the next person who uses that computer!
This path-of-least-resistance approach also works best if you don’t have a lot of different kinds of devices. If you use all Mac products, for example, it might work well for you to set up iCloud Keychain. If you use Chrome as your browser and an Android phone, you might use Google to sync your passwords.
3. Password managers: My recommendation.
Finally, you can use a password manager that works across different browsers and phones. The EFF notes that even password managers can be hacked, and if that happens, all your passwords could be compromised. Still, this is the solution that works best for me.
My password manager is installed on all my computers and personal devices so that I can access my passwords from any of them. It generates secure passwords and stores them for me. I only have to remember the password to my password manager, and I’m no longer tempted to use the same easy-to-remember passwords over and over. CNET provides a list of highly ranked password managers, both free and paid.
There is no perfectly secure way to store your passwords. If you store them on paper, they could be stolen. If you store them online, they could also be stolen. If you don’t store them anywhere, you will probably forget them. But internet security experts are in agreement that the worst thing you can do is use the same simple password (like a word and a number) over and over again. Use one of the techniques above to be as safe and efficient as possible.