Archive for December 14th, 2011
In part 1 of this two-part series, I mentioned some of the fallacies and misconceptions in password practices. If you haven’t read it yet, I suggest reading it first. In this part I’ll discuss a few methods for storing and securing the strong passwords themselves. It’s not as hard as it sounds, and there are lots of ways to do it. I’ll describe a few different approaches below, with a few pros and cons of each one:
Paper and pencil (or pen)
I’m taking it back to the basics here. Write down your passwords in an address book, rolodex, or other suitable organizational booklet. However, don’t store this near your computer. There are some simple solutions that can help you think of — and remember — complex passwords, such as this idea from IdeaShower.com.
Pros: Helps you keep organized track of username/password and security question/answer combinations easily and inexpensively. Durable and long-lasting.
Cons: Can be easily compromised. Someone who knows where your password book is can still gain access to your accounts.
A simple text file, spreadsheet, or database
This is one step beyond the paper method above. Storing your passwords in a simple file or database does the same job as the paper method, while also keeping the list quickly sortable and searchable. However, if someone gains access to your computer or hard drive, the file can be compromised. Examples include a plain text file, an Excel spreadsheet, or an Access database.
Pros: Easier to organize, search, and update than a paper file.
Cons: Can be compromised if unauthorized access to your computer occurs, such as through a trojan or virus. Can be lost, corrupted, or become outdated if backups are not made and maintained.
An encrypted text file, spreadsheet, database, or specialized software
An encrypted database offers the same ease of use as the unencrypted electronic storage method above, while providing an extra layer of protection in case someone gains access to your computer’s data. There are several software programs designed for encrypted password storage, such as KeePass, 1Password, Password Safe, or the Firefox extension Password Hasher (though it is not clear whether it stores passwords in an encrypted database at all). Though some of these can be pricey, the peace of mind and organization they provide is oftentimes priceless.
Pros: Many of the same advantages as simple file storage while providing an additional layer of security against unauthorized access. Free software programs are available. Specialized software can also assist in generating strong passwords.
Cons: The same encryption that keeps others out will also lock you out if you forget the master password, so keep that password somewhere safe. Non-free software can be pricey.
Cloud-based, encrypted password storage
Cloud-based password storage combines the benefits of encrypted storage with worry-free backup and syncing across all your devices. Keep in mind when choosing cloud-based storage that you’re placing your trust in the availability and security of the provider. If you choose a provider, carefully review its encryption choices and whether it offers an optional 2-factor authentication method.
My personal favorite in this category is LastPass. The LastPass website and browser extension are free to use, and they offer a premium subscription for $12 per year which allows you to access your password vault from a mobile device. LastPass also includes support for 2-factor authentication via a YubiKey or Google Authenticator.
(Disclaimer: I am a LastPass premium subscriber; I have not sought nor are they offering me any compensation for mentioning them in this post.)
Pros: Convenient browser-based access (or a browser extension) for reaching and syncing your passwords. Can auto-fill on websites. No need to worry about backing up your password file or losing it.
Cons: If your provider is compromised or goes down, you could lose access to your stored passwords.
Do you have any methods of generating, storing, or securing passwords not listed above, or anything else that wasn’t covered in the above article? Please feel free to share in the comments below. Thank you!