Creating passwords can sometimes be an agonising task. However, once you have successfully created a strong, complex and unique password, you may need to think about how you are going to store your passwords.
Before talking about secure password storage, we first have to define what insecure password storage is. Generally, the more people who have access to a password, the less secure it is. If anyone beyond the one or two people who should have access can get to it, then it is not secure.
What if it is stored in a text file on your computer, or on a piece of paper in your top drawer?
Hackers don’t limit themselves to passwords they find on the Internet or those they crack using tools. The hacker may not be a faceless stranger living hundreds of kilometres away; it could be someone with access to your computer systems, a colleague in your office, a curious friend, a family member in your home, or a burglar. A text file on your computer may be accessible by someone with physical or remote access to your computer. It is not secure. A piece of paper in your top drawer is accessible to anyone who opens that drawer. It is not secure.
So, what is secure?
There are numerous password managers available, such as KeePass or LastPass. This type of software can be configured to create secure passwords for you, store them in a central repository, and encrypt them so that only a master password, or a hardware authentication device such as a YubiKey, can unlock them. So long as your master password is complex and unique enough, your passwords will generally be more secure.
Offline password managers, such as KeePass, are more secure, but convenience suffers as there is no synchronisation across devices.
Online password managers, such as LastPass, offer greater convenience but carry risks, as the encrypted password data is stored in, and accessible from, multiple locations.
Many password management systems can also be configured to require multi-factor authentication, which can involve the use of a token in conjunction with the master password, to provide an extra layer of security. Using a password management system means that you don’t have to remember passwords for a large number of sites, nor do you have to spend time thinking of new and unique passwords for sites you may not frequent often.
Storing passwords securely is often an afterthought in people’s busy lives. However, with some initial preparation, it can become an easy habit which ensures a more secure first line of defence for your information and accounts.
If you have any questions about secure password storage, or want to know more about setting up a password manager, please reach out to us.