How to Store Passwords
When it comes to storing passwords safely, there’s no shortage of options, but some techniques are more secure than others.
Let's look at the most popular techniques and their effectiveness:
• Computer: Word processor documents or passwords stored in notes are at risk of being stolen by anyone with access to your device, whether in person or through a virus. Password-protected documents and ZIP files are more secure, but not 100% secure;
• Email: Passwords sent to yourself or anybody else by email aren’t secure unless you use an app like Proton Mail, the most secure email client with PGP encryption. Recent studies say that it’s possible to teach people with even "limited" technical knowledge how to crack an email account in less than 20 minutes;
• Write it down: Helpful, but not secure, unless the paper is hidden away under lock and key;
• Memorize: It’s the best way to store passwords offline as far as security is concerned, but not so good for recovery, since many of us struggle to remember passwords. With protection for banks and emails tighter than ever to prevent cyber-attacks, it’s not recommended to reset passwords all the time;
• Browser: A simple option in the browser that remembers and pre-enters passwords to your favorite sites, so you don’t need to remember them. It works across all devices too;
• Phone: Passwords stored in a notes app on your phone are also useful. But a problem may occur if the phone is lost, damaged, or stolen;
• Password managers: Operating as an online storage locker for all passwords, this option means that you only need to remember one master password to access it. Managers allow you to store unique, strong passwords for different sites and use industry-standard encryption to keep them safe;
• 2-Factor authentication: It adds an extra layer of security to your online accounts and makes them much harder to hack, since it needs more than just a username and password for authentication;
• Plain text: It’s the most naive solution to store passwords as plain text. Users typically recycle passwords across websites, and even if a site isn’t storing traditionally sensitive data like bank details or addresses, it doesn’t make security less important. So, if a website ever emails you your password, assume your data has been breached, and change your password immediately;
• Encryption: It’s a small step up from storing passwords in plain text. You can think of encryption like placing user passwords in a box locked with a padlock. The advantage of encryption is that passwords are no longer stored in plain text and you can’t work out a user password by simply looking in the database;
• Hashing: Hashing is an improvement over encryption because there is no key to decrypt our passwords back into plain text. Therefore, it can be very computationally expensive for someone to try to crack the passwords. Hashes are so difficult to break because they’re one-way operations that are easy to calculate but very difficult to reverse.