Updated May 2023:
When helping clients log in to their computer or websites, often I will see them pull out a scratch pad or sticky notes with various passwords scribbled on the page. There’s a better organized and more secure method to record your login information.
Use a password system
For years I’ve recommended using a variant of my password system to help you memorize the unique passwords that you use for every device and web site. When changing existing passwords I recommend starting with your email password, then financial and social networking websites, followed by the less-important web sites that you’ve used over the years. Your email password is your most important password since many websites send password reset requests to your email address. If a hacker gains access to your email, they could change the passwords and lock you out of all of your online accounts.
Use the password manager built into your browser or device…
In addition to using a system where most of my passwords are easy to remember, I also use a password manager to keep my passwords and secure notes well-documented and synchronized between devices. If you don’t need the sophistication and advanced features of a paid password manager, you can use the password manager built right into your web browser, device and/or smartphone.
…or consider a password manager with more features that can be synced between multiple devices
But if you want your passwords synced between multiple web browsers (Chrome, Edge, Firefox, etc.) and/or multiple operating systems (Windows, macOS, ChromeOS, iOS, Android, etc.), you’ll need to pay for a multi-platform password manager, that also offers more advanced features such as:
- Multi-factor authentication: This adds an extra layer of security to your password manager by requiring you to enter a code from your phone in addition to your master password.
- Password sharing: This allows you to share selected passwords with others securely.
- Password audits: This feature can help you to identify weak or compromised passwords. Some password managers will even automatically generate new passwords for you if they detect that a password has been compromised.
- Security breach alerts: This feature will notify you if your password manager is ever hacked. This will give you the opportunity to change your passwords and protect your accounts.
- Emergency Access: Setting up emergency access lets you share all of your passwords with predetermined person(s) in the event that you unexpectedly become hospitalized or die. If the person(s) request access to your passwords, if you didn’t want to allow the request you would have to deny the emailed request after a predetermined period of time – usually a week. Otherwise your passwords would be available after the waiting period.
- Photo storage: Store photos of important documents such as a passport, driver license, social security card, insurance cards and credit cards.
- Password generator: A password generator can help you to create strong, unique passwords for all of your accounts.
- Password strength checker: A password strength checker can help you to identify weak or compromised passwords.
- Form filling: A form filling feature can automatically fill in your login information on websites and apps.
- Secure notes: A secure notes feature can allow you to store sensitive information, such as credit card numbers, bank account numbers and social security numbers.
- Travel mode: A travel mode feature can temporarily disable your password manager when you are traveling, which can help to protect your accounts from being accessed while you are away.
- Limit access to certain countries: If you don’t travel beyond the United States, consider allowing access to your password manager while logged in from the U.S. When traveling, temporarily allow access when logged in from other countries of your choosing.
To help you decide on a multi-platform password manager with advanced features, check out a review of The Best Password Managers | PCMag.
Less secure options, but better than nothing
Another option to manage your passwords that also backs up to the cloud so you don’t lose them is to use the Notes app on Apple/iCloud devices, or Google Keep which is available on most devices. Make sure that each of your devices where you use Notes or Google Keep are synchronizing with your cloud account, and each device where you are logged in needs to be protected with a secure password.
If you prefer to keep your passwords in a typewritten form such as a document or spreadsheet, never name the file “passwords”, nor include the name “password” in the content of a file – both are easily searchable on a computer. You can also password-protect a document or spreadsheet with a password that you can easily remember or is stored in a secure and memorable location. Also, don’t type the entire password – just parts that aren’t easily memorable. For example you could type the name of the website and date, but use an underscore “_” or dash “-” for characters of the password that you’ve memorized without revealing the entire password to someone that you may not want to view your password list. For example, my typed Yahoo password would be M – – Y – – 0 9 1 6 – I know what characters are represented by dashes.
The least secure option, with no backup in case of loss
A low-tech method for keeping track of your passwords is using a password log book such as this #1 Best Seller at Amazon. I suggest not writing complete passwords in the book, but hints to the password (see above). Also you should store the book in a locked fire-proof safe or non-obvious location, remove the cover sleeve that says “passwords”, and make sure your spouse and next of kin know the location of the book.
For all logins include the following 5 pieces of information at a minimum:
- Login name (e.g. AAA)
- Website address (e.g. www.aaa.com)
- Username/email address (e.g. myemail@myemail.com or mesmith89501)
- Password – labeled “pw” (e.g. AbcAaa123)
- Date (e.g. Changed 2/14/2014 due to data breach)
If you need help setting up any of the methods mentioned above, we can help.