We hear it (and harp on about it) a lot: Create strong passwords that are long, unique, and hard to guess. But with all the shopping, email, social media, and other app accounts, you better also have a good way to store your logins.
Writing it on a Post-It and sticking it on your fridge is one way. But there are others. Here’s our roundup of the best and worst methods to store your passwords.
Best: Password manager apps
Pros:
A password manager is a program or service that helps you create and store passwords in a personal digital vault. By using a password manager, you won’t need to remember any of your passwords. Instead, a single master password is used to unlock your list of logins.
After unlocking them, most password managers also automatically fill in login fields for sites and services that you use, providing greater convenience.
The greatest benefit of using a password manager is it allows you to create very long, complex, nonsensical passwords for each account. You don’t have to worry about remembering them, so they can just be gibberish—and no one will be able to guess them either.
Cons:
If you forget your master password, you might not be able to recover your logins. If your master password is compromised, all of your account login details could be at risk. That said, it’s widely accepted that the benefits of using complex passwords on all your accounts outweighs the (small) risk that someone will find out your master password.
Premium subscriptions to password manager apps also cost money, but you get high security and the ability to save many logins.
Would we recommend this?
Yes—it’s the gold standard in password storage. Our password manager, Keys, comes with every ExpressVPN subscription, so if you’re a subscriber, you can try it right away. It’s built in to the iOS and Android apps, and comes as a Chrome browser extension.
Okay: Password managers in browsers
Pros:
Most browsers, like Chrome, Firefox, Edge, and Brave, have functionality to save passwords on the browser itself for faster authentication. This is convenient and free.
Cons:
In certain cases, anyone who borrows your device and uses your browser will have access to your logins. This is why you should enable two-factor authentication on your in-browser password managers.
Further, using a browser’s built-in password manager locks you into using that specific browser. In other words, if you use more than one browser, it may be a hassle to access login details on your various services.
Would we recommend this?
If you only ever use just one browser. Don’t forget to turn on two-factor authentication.
Bad: Digital documents
Pros:
Pasting all your passwords into a document on your computer or saving them by email is… actually we can’t think of any pros.
Cons:
This is possibly the least secure way to store your passwords. There is a decent chance of someone stealing your passwords all in one go, thanks to ease of copying digital files and the frequency of data leaks.
At the very least, ensure the platform or files you use are encrypted and password-protected themselves.
Would we recommend this method?
No.
Sounds bad, but not the worst: Writing it down
Pros:
Honestly, as long as you keep your bits of paper in a secure location that you can access easily—it’s not that bad of an idea. Further, it’s literally impossible to hack a piece of paper…
Cons:
However, updating a paper document periodically would be a hassle, and if anyone were to discover your secret hiding spot, it wouldn’t go down well. Also, you don’t get to copy and paste your password, discouraging you from creating long, complex passwords.
Would we recommend this?
If you have a really good hiding spot… who are we to judge?
Basic but has its merits: In your head
Pros:
Your brain can’t be hacked, and your password dies with you.
Cons:
It’s impossible to save numerous randomized passwords in your head. This means you’re resorting to “formulas” or reusing passwords, which is an unsafe practice when it comes to account security.
Would we recommend this?
If you have very few logins and a good memory, go for it!
Tips for creating passwords
1. Long, unique, randomized
Rule No. 1 is creating long, unique, randomized passwords that don’t mean anything to you or anyone else. Strong passwords should always include a combination of uppercase and lowercase letters, numbers, and symbols. The longer the password, the harder it is to crack.
A good example is: MnjJL1b:&UXX+J@i,lpJSi|
Try out our strong password generator here!
2. Try using passphrases
Generally speaking, the main difference between passwords and passphrases is that the latter can be composed of words and incorporate the use of spaces. The use of words also makes them easier to remember without making them easier to guess.
A good example is: Bananas? Chocolates! Teapots? Elephants!
3. Don’t reuse passwords
The issue with using the same password more than once is that it only takes a single instance of an account being compromised to cause a domino effect on your other login credentials. Using a different password for each of your accounts makes the likelihood of hackers being able to guess or brute force their way in much harder.
Read more: 6 common misconceptions about passwords
Take back control of your privacy
30-day money-back guarantee
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Comments
For storing passwords I use an electronic gadget that is not connected in anyway to a computer or wi-fi or blutooth. It is totally offline, requires password to enter, it is the “RecZone Password Safe”.
Even keeping paper document in your home or office with passwords on it is unsafe as a burglar breaks in and finds them (they usually kept in proximity of your computer) with “RecZone Password Safe” this is not a problem this unit is not much bigger then a mans wallet and is easily portable
These articles never mention Apple’s Key Chain. As tech gets more and more complex my observation is that the password managers are struggling to keep up. I have used 1Password for years. I would live to know if those of is in the Apple echo system are safe using the Key Chain system. S
what is someone hacks the password manager? no one tells us they have been hacked until after the fact.
Bitwarden, one of the best free password managers out now! Great article!
ABSOLUTELY! I was about to add the same; I’m so glad to see someone else also use Bitwarden! It is the best…not only is it open source, but it is free. And if you want to upgrade it, it is only $10 PER YEAR! That is sick cheap compared to others!
My passwords are on an IronKey. if you guess the wrong password to access it ten times, it will kill the memory, and the key itself. Military grade protection. Look it up.
My passwords are on a highly secured USB stick
(you need 2 USB sticks))
This (for me) going too be complicated. Why not have a generator while generating a complicated password, to be able to automatically change a previous character that was already generated but not shown then continue from the original spot? I can see it but hard for me to explain, sorry.
Thank you for the tips on passwords. I’ve been using the same ones because I can’t remember them all.
Thank you. You’ve helped me make the decision.