How many of us have been guilty of writing passwords on sticky notes and leaving them attached to our screens?
While writing down complex passwords on a piece of paper solves the dilemma of remembering them, it does pose a lot of security concerns. Since every password is a gateway to sensitive information, it can cause significant problems if compromised.
So why do people still use the old-fashioned way of writing down passwords? What are the alternatives to remembering passwords? And how can we make our passwords more secure?
Why Do People Write Down Passwords?
The simple answer is that it is very convenient! Other reasons such as lack of security awareness and being unaware of password management alternatives can also play a part.
With multiple email addresses, dozens of apps, and social media accounts, most people are tasked with remembering tons of passwords. To make matters worse, passwords nowadays are required to be unique and complex with special characters thrown into the mix.
And believe it or not, a quick search for a "password notebook" on the internet brings up thousands of options: these are notebooks that you can buy just for jotting down all your precious login credentials. One can only imagine what happens if that notebook ever gets stolen!
Secure Ways To Remember Passwords
Fortunately, password management is evolving rapidly and newer, easier, and more secure ways of remembering passwords are now available.
The following ways can help you remember passwords without having to write them down on a piece of paper:
An Encrypted Note on Your PC
Storing your passwords in an encrypted note on your computer is a great way of remembering, as well as safeguarding, them.
The encrypted section of a note requires a master password to access it, so set up a long and hard-to-guess password but one that is easy for you to remember.
To encrypt text using Evernote for Mac or Windows, follow these steps:
- Open a note and highlight the text that you wish to encrypt.
- Right-click the highlighted text and select Encrypt Selected Text.
- Enter a passphrase into the form. This passphrase will be required whenever you attempt to decrypt this text.
- Once you set the passphrase and confirm, your text will be encrypted.
With several different accounts and a plethora of passwords to remember, most users need some sort of central management for their passwords. This is where password managers such as LastPass come into play.
Most password managers work by generating completely random and unique passwords of any length that you require. Above all, you only need to remember one password to access your password manager. Once logged into the password manager, you can automatically log in to any of your stored accounts without needing to enter any further passwords.
Generally, there are two types of password managers:
Personal Password Managers: Personal managers like LastPass manage passwords for individual users or employees for application access and services.
Note: LastPass used to offer a free tier for all types of devices but they've added restrictions where free tier users can only view and manage passwords on one category of devices—either smartphone or computer.
Privileged Password Managers: These are specialized password managers such as BeyondTrust for enterprise solutions and are responsible for securing and managing enterprise-wide privileges and credentials. Privileged credentials grant access to the top-secret systems, accounts, and the most sensitive assets of any organization.
Various gadgets are available that can be used for remembering and keeping your passwords secure at the same time.
One such gadget called Password Safe is a small hand-held device that can store information of up to 400 accounts and uses 3 AAA batteries.
Another popular option is an encrypted USB flash drive known as Keypad Secure FIPS Certified Memory Stick. It can keep your critical files secure and you could keep your passwords safe in there as well. Each flash drive comes with a unique ID and if you ever forget your password, the company will send you a 10-bit dynamic password.
All popular browsers (Firefox, Internet Explorer and Google Chrome) provide the option to save passwords that can auto-populate the page, so we do not have to enter them each time we access the same websites or accounts.
However, this method is not the safest alternative to pen and paper as internet browsers can fall victim to browser fingerprinting and malware attacks.
Tips for Keeping Your Passwords Secure
Here are a few tips to keep your passwords secure.
Implement Multi-Factor Authentication
Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) grants access to a user only after they have successfully presented two or more pieces of evidence through multiple devices. It provides an added layer of security by asking the user to provide an extra set of credentials rather than just a plain old password.
It is strongly preferred to use a time-restricted One Time Password (OTP) from an MFA app such as Google Authenticator.
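How a time-restricted OTP is derived and checked, as an added example that is not part of the original article: it implements the standard TOTP algorithm (RFC 6238, HMAC-SHA1) and a server-side check that tolerates one 30-second step of clock drift. The secret is the RFC's published test key, and the names `hotp`, `totp` and `verify_totp` are chosen here for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key, base32-encoded the way
# authenticator apps usually receive a shared secret.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP (RFC 4226) for one counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    chunk = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(chunk % 10 ** digits).zfill(digits)


def totp(secret_b32: str, now: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: the counter is the number of elapsed time steps."""
    key = base64.b32decode(secret_b32.upper())
    return hotp(key, now // step, digits)


def verify_totp(secret_b32: str, submitted: str, now: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept a code from the current step or `window` steps either side."""
    key = base64.b32decode(secret_b32.upper())
    counter = now // step
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        expected = hotp(key, counter + drift, len(submitted) or 6)
        # Constant-time comparison; check every candidate before returning.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    print(totp(SECRET_B32, 59))                       # code for t = 59 s
    print(verify_totp(SECRET_B32, "287082", now=75))  # one step late
```

A real verifier would also record the last accepted counter per account so that a code cannot be replayed within its validity window.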
Create Strong Passwords With Long Passphrases
Robust passwords have long passphrases that are easy to remember yet difficult to guess. They should be at least eight to 13 characters in length and represent a combination of both uppercase and lowercase letters along with symbols.
Also, keep in mind that the passwords should not be so complicated that they force the users to write them down everywhere.
The best practice is to create a password representing a story or use a Person-Action-Object (PAO) terminology. For example, take the first letters of each word from the sentence “a crazy white fox is jumping over a fence” and combine it with a variety of numbers or symbols to come up with a unique but memorable password.
Check Your Credentials Regularly
Several online databases and agencies such as haveibeenpwned.com can check if your passwords and accounts have been part of a data breach.
You should regularly check your credentials against the backdrop of these databases to save yourself from using or setting a potentially exposed password.
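A password can be checked against a breach database without sending the password itself. The added example below (not part of the original article) shows the client side of the k-anonymity range lookup used by the Pwned Passwords service of haveibeenpwned.com: only the first five hex characters of the SHA-1 hash would leave the machine, and the match is done locally. The response body is constructed so the code runs offline, and the function names are chosen here for illustration.

```python
import hashlib


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix): 5 hex chars to send, 35 kept locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def pwned_count(password: str, range_body: str) -> int:
    """Look for our hash suffix in a range response of SUFFIX:COUNT lines."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.strip().isdigit():
            # Padded responses may contain dummy entries with a count of 0.
            return int(count)
    return 0


def sample_range_body(password: str) -> str:
    """Constructed stand-in for the body returned for this password's prefix."""
    _, suffix = split_hash(password)
    return "\r\n".join([
        "0" * 35 + ":3",        # constructed unrelated entry
        suffix + ":42",         # constructed hit with a made-up count
        "F" * 35 + ":0",        # constructed padding entry
    ])


if __name__ == "__main__":
    prefix, _ = split_hash("password")
    body = sample_range_body("password")   # would be fetched using `prefix`
    print(prefix, pwned_count("password", body))
    print(pwned_count("a crazy white fox", body))
```

Any non-zero count means the password has appeared in a breach corpus and should not be used or set, whatever its length or complexity.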
Re-Think Password Security
In today's data-centric world, passwords are a necessary evil. With all the websites and accounts we log into daily, remembering passwords can become a daunting chore, making us resort to sometimes writing them down on a piece of paper.
On the flip side, insider threats and cyberattacks are also increasing at an alarming pace and passwords are the biggest source of contention. It's important that both individuals and organizations re-think password security and try to incorporate new ways to secure passwords and let go of traditional ones.
So, next time you start scribbling passwords on a sticky note, just pause and think about how you can create passwords more effectively and save them securely by using login management alternatives.