What’s the safest way to store your passwords?

2020-01-24 - 6 min read

Most of us have tens of different accounts. We need one for our email, work or university, countless social media platforms, and various apps and services. Each one of these accounts is protected by a password — a single phrase that guards your most sensitive data against outsiders.

There’s no doubt you need to keep those passwords safe. People employ various strategies to safeguard them, from writing everything on a piece of paper and locking it in a drawer, to trying to remember every password they have. So what is the best way to manage passwords?

Why you can’t just use the same one everywhere

It would be very easy — create one password and use it on every account. You don’t have to write it down or remember multiple passwords.

However, it is extremely unsafe.

You must have heard about a number of hacks in 2019 alone. When some minor internet forum gets hacked, a few hundred thousand of its users’ credentials end up for sale on the black market. It’s likely you won’t think twice about it. You might not remember ever using this website. You might never even hear about the breach in the first place. What are a few hundred thousand accounts from a barely functioning website in a world of billions of internet users?

What you might not realize is that if you were using the same email and password combo for every new account (including the leaked one), that combo is now available online. It means that a cybercriminal can now get into your email, Facebook, and tens of services associated with these accounts. You might then face demands to pay a ransom or be locked out of all your accounts forever.

Storing passwords on your browser

If you use popular browsers like Chrome, Safari, or Firefox, every time you log in somewhere new, a pop-up appears, prompting you to save the username and password combo. If you click yes, your passwords will be saved in your browser or Google account (if you use Chrome). It will autofill your credentials the next time you need to log in.

This may seem like an excellent option to many — no need to set anything up, everything is automatic, it syncs on all your devices, etc. But if you use Firefox, for example, anyone who gains access to your device can view all your passwords. There is no PIN code or master password guarding them — simply open the browser, go to settings/passwords, and there they all are.

On the other hand, Chrome will require authentication if you want to view the passwords. But if your Google account is compromised, every one of your passwords will end up in the attacker’s hands, so it’s still not a very safe option.

Storing passwords by writing them down

What if you don't trust any service to keep your passwords safe? You might think that writing them down is the right way to go. If they are not online, they can’t be leaked in a breach. But just because your passwords are not digitized doesn’t mean they can’t be stolen.

Not to mention it’s not user-friendly. Assuming that every account has a different password, you would need to look them up every time you log in somewhere. There’s no way you can remember all of them by heart, especially if they are proper, complex passwords. What if you need to log in somewhere on the go? Taking a picture or making multiple copies doesn’t exactly go hand in hand with cybersecurity.

So, writing it down is far from the best option. It’s inconvenient, unsafe, and if something happens to that piece of paper — you lose all your accounts.

Storing passwords on your phone

Now that we have established the fact that writing your passwords on paper is not a good idea, we need to talk about another popular tactic that people like to use. A lot of users think that since their phone is protected by a PIN code or biometric authentication, they can just write their passwords down in a note app.

The biggest problem is that the note app stores the passwords in plaintext — they are not encrypted. If you accidentally click on a malicious link or download a shady app from a third-party app store, your device can get infected with spyware. A hacker may then be able to control your device or monitor your activity. And since your passwords are not encrypted, they become very easy to steal.

Not to mention that if your phone gets destroyed to the point that you can't use it anymore, getting your passwords could be close to impossible.

Remember them all

Let’s say you use a different password for every account, but decide to remember all of them by heart. To make it easy on yourself, you choose a password that’s the same as the service it’s for. So it’s “instagram” for Instagram, “myfitnesspal” for MyFitnessPal, and so on.

It might seem clever, but there’s one problem. These passwords are easy to crack with a brute-force attack. They are popular ordinary words, so if a hacker uses a dictionary attack, they will have access to your account in no time. And if you make it a pattern, your other passwords will also be extremely easy to guess — no special tools needed.

Best way to manage passwords

So if you are after bulletproof protection for your passwords, what should you do? Well, look no further — we know the best way to store passwords.

Without a doubt, it’s a password manager. A service dedicated to keeping your information safe is your best bet. You might think that keeping all your passwords in one place is not much better than using the same one for every account. And that’s the reason why you need to pick a reliable password manager that doesn’t mess around when it comes to security.

NordPass uses the XChaCha20 encryption algorithm to encrypt your vault. It’s fast, reliable, and on its way to becoming the new industry standard. And our zero-knowledge policy means that we can’t see your passwords. They get encrypted on your device and only then sent to the cloud. So even if someone managed to break into your vault, all your passwords would look like gibberish to them.

A password manager is not only the best tool for password tracking, it’s also very user-friendly. You can have the app on your phone, your home laptop, and work computer. They are all synced, so whenever you need a password — it’s right there.

Already saved your passwords to your browser?

No problem. You can quickly transfer them to NordPass from any browser. We even have a helpful guide you can follow.

While you’re at it, it might be a good idea to go over all your passwords and make sure none of them are the same. You should also change any passwords that you’ve been using for a very long time. We also have a couple of tools that can help you do that: password generator and password strength checker.
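The review suggested here, together with the service-name pattern described under “Remember them all”, can be automated over a local export. The script below is an added example, not part of the original article and not NordPass code; the `(site, username, password)` export layout, the sample entries and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample export of (site, username, password); not real credentials.
SAMPLE_VAULT = [
    ("instagram.com", "ana@example.com", "instagram"),
    ("myfitnesspal.com", "ana@example.com", "MyF1tnessPal!"),
    ("forum.example.org", "ana@example.com", "t7#Vq9$mLz2@pX"),
    ("mail.example.com", "ana@example.com", "t7#Vq9$mLz2@pX"),
    ("bank.example.com", "ana", "correct-horse-battery-staple-41"),
]

# Common character substitutions, undone before comparing with the site name.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def normalize(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def service_labels(site):
    """Host labels without the top-level domain, at least 4 letters long."""
    labels = (normalize(part) for part in site.split(".")[:-1])
    return [label for label in labels if len(label) >= 4]

def find_reuse(vault):
    """Group sites sharing a password, comparing keyed digests only."""
    key = os.urandom(32)  # per-run key: digests are meaningless afterwards
    groups = defaultdict(list)
    for site, _user, password in vault:
        tag = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[tag].append(site)
    return sorted(sorted(s) for s in groups.values() if len(s) > 1)

def find_service_derived(vault):
    """Sites whose password contains the service's own name."""
    return sorted(
        site for site, _user, password in vault
        if any(label in normalize(password) for label in service_labels(site))
    )

def audit(vault):
    return {"reused": find_reuse(vault),
            "service_derived": find_service_derived(vault)}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
```

The report lists site names only, so it can be kept as a to-do list for password changes without recording any password.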

By using NordPass, you can rest assured that all your passwords are safe — no matter what.

Benjamin Scott
Ben is our tech geek. He analyses difficult topics and brings them to the reader in a nice and simple language. In his free time, he loves to compete, so he likes to participate in various marathons and triathlons.