The average person has roughly 100 user accounts, and when you consider that each of these accounts requires a unique username and password, it quickly becomes a hassle to keep track of login credentials. For expediency’s sake, users will often note them down in easily accessible places, but doing this is like leaving your keys in the door. If your passwords are easy to find, you completely undermine the security of your accounts.
That’s why it’s important that you know where not to store passwords, so you can avoid security breaches.
Where should you never store passwords?
The general rule of thumb is never to store your passwords anywhere in plain view, especially if that place can be accessed by others. The top five worst places to store passwords include:
1. Sticky notes
Many users write down their passwords on a sticky note. It’s convenient and easy to access, but it’s also unsafe, especially if the note is stuck to your computer monitor or desk. The passwords intended to protect your accounts are now easily visible to anyone who enters the workplace, whether they’re a coworker or an outsider who manages to sneak past security.
2. Notebook or journal
Similar to using sticky notes, jotting your passwords down in a personal journal or notebook is not a good idea. While it’s easy to hide or conceal a notebook, there’s no guarantee that someone won’t stumble upon it. There’s a chance that someone could steal the notebook from your drawers in the middle of a hectic day or swipe it in a coffee shop. When the wrong person gets their hands on your notebook, there’s nothing preventing them from reading through it and learning your passwords.
3. Unencrypted files
Storing passwords in unencrypted files, such as documents, spreadsheets, or note-keeping apps, is almost as bad as writing them down on a sticky note. If the device that contains the file is not encrypted, cybercriminals can access your passwords without much effort. They can use malware designed to target files in specific applications or platforms, and once they find the unencrypted file, they will have full access to your credentials.
However, it doesn’t even require an overly technical cyberattack to steal passwords from your device. If your device is lost or stolen, the thief could access your passwords without any extra effort.
4. Email or messaging apps
A practice that’s less common today, but just as dangerous, is sending passwords to yourself via email or messaging apps. Even though you’re technically the only recipient of the email or chat message, there’s a chance that it could be intercepted by cybercriminals when it’s sent over the internet. This practice is also risky if you accidentally send the passwords to an unintended recipient or someone maliciously accesses your inbox.
5. Browser
Many web browsers such as Chrome, Firefox, and Safari have a feature that allows users to store passwords for quick and easy access. Although these browsers have extra precautions in place to keep saved passwords secure, the browser is still not the safest place to store your login credentials. If someone accesses your browser, they can use the autofill feature to log in to your accounts without any elaborate hacking.
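To check your own device for the unencrypted files described in item 3, the following added example (not part of the original article) walks a folder and reports where password-like entries appear in plain-text files. The file extensions, label patterns, and sample files are assumptions chosen for illustration; only file names and line numbers are reported, never the stored values.

```python
import os
import re
import tempfile

TEXT_EXTENSIONS = {".txt", ".csv", ".md", ".log"}
# A password-like label, a separator, then a value: "password: x", "pwd=x"
LABELLED_VALUE = re.compile(
    r"\b(?:pass(?:word|wd|code|phrase)?|pwd)\b\s*[:=]\s*\S+", re.IGNORECASE)
# A spreadsheet export whose header row has a password column
CSV_HEADER = re.compile(
    r'(?:^|[,;\t])\s*"?(?:password|passwd|pwd)"?\s*(?:[,;\t]|$)', re.IGNORECASE)


def find_plaintext_credentials(root):
    """Return sorted (relative_path, line_number) pairs for lines that look
    like stored credentials. Matched values are never returned or printed."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    for number, line in enumerate(handle, start=1):
                        header = ext == ".csv" and number == 1
                        if LABELLED_VALUE.search(line) or (
                                header and CSV_HEADER.search(line)):
                            hits.append((os.path.relpath(path, root), number))
            except OSError:
                continue  # unreadable file: skip it and keep auditing
    return sorted(hits)


def demo():
    """Audit constructed sample files written to a temporary directory."""
    samples = {  # constructed examples, not real credentials
        "logins.txt": "Bank\nusername: alex\npassword: EXAMPLE-ONLY-1\n",
        "accounts.csv": "site,user,password\nshop.example,alex,EXAMPLE-ONLY-2\n",
        "todo.md": "Remember to change my password next week\n",
        "photo.jpg": "password: skipped, not a text extension\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as out:
                out.write(body)
        return find_plaintext_credentials(root)
```

Calling `find_plaintext_credentials` on your documents folder lists the files to move into a password manager and then delete; office documents and note-app databases are not plain text and need a separate check.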
Where should you store passwords?
The safest and easiest place to store your passwords is in a password manager such as Dashlane or 1Password. A password manager is an application that stores all your passwords in an encrypted database, which can only be unlocked with a single master password. Since you only have to remember one password, you don’t have to worry about creating multiple complex passwords. Password managers will even warn you if you’re using weak or reused passwords, so you can update them with more secure versions. In fact, most password managers can generate strong and unique passwords so users don’t fall into the trap of setting the same password across multiple accounts.
There are two main storage methods that password managers use: cloud and local storage. With cloud storage, password managers encrypt and store passwords on a remote server that’s managed by the provider. This allows you to save your passwords and access your account from any web browser, as long as you have the master password. Meanwhile, local storage involves storing passwords in an encrypted database file on the user’s device. This file is typically stored on company devices or servers, which can be further protected with security protocols such as firewalls and intrusion prevention systems.
Cloud storage can be more convenient because it syncs passwords across different devices, making it easy to securely access your accounts. On the other hand, local storage provides more control since the passwords are stored on the device itself and not on a remote server where you don’t know what security measures are in place. Regardless of the choice between cloud or local password managers, your digital security will benefit from avoiding the previously described insecure methods.
How to better protect your accounts
Implementing a password manager won’t immediately make your accounts invincible; it’s how you use the tool in conjunction with other security protocols that will really make a difference. Here are some tips for better protecting your accounts:
- Always set strong and unique passwords – Both your master password and individual passwords need to be lengthy, complex, and not reused across multiple accounts. Avoid using easily guessable information, such as birth dates or common words. For master passwords, it’s better to have longer passphrases that you can remember but are difficult for others to guess. As for your individual passwords, you should use your password manager’s random password generator whenever possible.
- Update your passwords – Change the passwords of your most critical accounts every three to six months. This will prevent hackers from reusing old passwords that may have been compromised in a previous data breach.
- Activate multifactor authentication (MFA) – MFA uses a combination of authentication methods to verify your identity and prevent unauthorized access. This could involve an extra verification step such as entering a temporary passcode generated by an authenticator app, connecting a USB security key, or scanning your fingerprint. When combined with strong password practices, MFA can exponentially increase the security of your accounts.
- Develop good security habits – A strong password won’t mean much if you’re careless with online safety. Adopt a critical mindset when you’re browsing the web, and always think twice before clicking on suspicious links or downloading unknown files. These habits will help you avoid online scams and cyberattacks designed to steal your sensitive information.
- Implement conditional access policies – Conditional access policies allow you to secure the access points of your accounts with additional layers of security. This can include restricting logins to specific devices, requiring a second form of authentication, or blocking access from certain geographic locations.
Passwords are the keys to our digital lives, so it makes sense to use a password manager and take the necessary steps to secure them. At Dynamic Solutions Group, our team can guide you in implementing password managers such as 1Password and help ensure that your company adheres to password best practices. Call us today to protect your accounts and keep your data safe.