How to Create, Store and Manage Passwords Securely

Authored by:
Support.com Tech Pro Team
This Guided Path® was written and reviewed by Support.com’s Tech Pro team. With decades of experience, our Tech Pros are passionate about making technology work for you. We love feedback! Let us know what you think about this Guided Path® by rating it at the end.

There's great value in having tough passwords that aren't easy to crack. This is true for home users and business owners alike. Losing access to an account can snowball quickly into a mess that can take years to undo.

This isn't new news. Security experts have been warning us for years about the risks. They remind us to not use birthdays, last names or commonly used passwords. Yet, a good percentage of users ignore the advice. Or at the very least, they create one complex password that is used for all their online accounts.

As we'll point out in this article, creating unique and robust passwords for all our online websites is achievable by all. Reduce the risk of identity theft, being doxxed and other crimes by using the following information.

How to Create the Perfect Password

The first step in securing a login is to ensure that its password isn't easily guessed or susceptible to attacks.

The advice given for password creation has changed a lot over the years. It used to be said that passwords should be as complex as possible. While it is true that complexity helps, it's still easy for computers to guess complex passwords if they're short. The new rule is that length is king.

To illustrate, we can test a few passwords on a password testing site. On the site I chose, the password Nova!1970 took around 70.02 seconds to crack. Meanwhile, the password volcano plane baby will reportedly take 6 years! It seems counterintuitive to use words found in the dictionary, but the fact is that the latter is much harder for a computer to guess. The longer the better.

Memory-Based Approaches

Pick a Passphrase

Random passphrases like the one above are great, especially if you season them with some uppercase letters, numbers and symbols. They are infinitely easier for the average user to remember than a complex string of characters like wcd*m6\.E+\uhYw.

Try to pick words that aren't easily guessed. They should be words that only have meaning for you or something completely random. Be aware that our minds aren't as random as you'd think. If you need help picking words, try an online random word generator. You can also make up words. My new password for Facebook, facebookium open upium will reportedly take 6 million years to crack.

Passphrases make for a great master password for your password manager.

Adopt an Algorithm

My Nova!1970 password from earlier didn't do so well when tested. Not a problem. Now that I have it memorized, I'll use it as a base structure. Below, I'll show how it'll be used for building complex passwords for all my online accounts:

  • Nova!1970faceb - Facebook. 26 days to crack.
  • Nova!1970netfl - Netflix. 56 years to crack.
  • Nova!1970amazo - Amazon. 12 years to crack.
  • Nova!1970twitt - Twitter. 2 months to crack.
  • Nova!1970googl - Google. 109 years to crack.
  • Nova!1970googl1 - Add # to "change" password. 434 years to crack.

The idea is to memorize the first part of the password and then add something to the end that identifies the site you're using it on. If you ever need to update the password, simply tack a number on the end. This is a surefire way to make sure the password for every site is unique and not reused. And it's easy to remember. Most sites' security requirements will be met if the memorized part has numbers, symbols, upper and lowercase letters.

Software-Based Approaches

Another approach is to have a computer generate a password. There are many sites that can generate strong and complex passwords. Most password managers will have a generator built in.

How the password is remembered is up to each individual. There are memory-based techniques for this, but it becomes impractical when you have a unique password for every site. Password managers are perfect for this role.
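The passphrase advice and the computer-generated approach above both depend on the choice being truly random. The following is an added example, not part of the original article: it picks words and characters with Python's `secrets` module and computes the entropy that the random selection provides. The 32-word list, the symbol set and the function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed 32-word sample list so the example runs offline.
# Real use needs a far larger list: a 7,776-word diceware-style list
# gives about 12.9 bits per word instead of 5.
SAMPLE_WORDS = (
    "volcano plane baby anchor marble copper lantern orbit "
    "pickle saddle thimble walrus zipper bamboo cactus dagger "
    "ember fossil gravel hammock igloo jigsaw kettle ladder "
    "magnet nectar oyster pebble quartz ribbon sponge tunnel"
).split()

SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def random_passphrase(n_words=4, words=SAMPLE_WORDS, sep=" "):
    """Join n_words picked uniformly at random with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def random_password(length=16, alphabet=ALPHABET):
    """Build a password from characters picked uniformly at random."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices_per_position, positions):
    """Entropy in bits when every position is an independent uniform pick.

    This measures the selection process, not the resulting string: words or
    characters a person chose by hand do not earn these bits.
    """
    return positions * math.log2(choices_per_position)


def words_needed(target_bits, list_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(random_passphrase(), "->", entropy_bits(len(SAMPLE_WORDS), 4), "bits")
    print(random_password(), "->", round(entropy_bits(len(ALPHABET), 16), 1), "bits")
    print("words for 64 bits from a 7,776-word list:", words_needed(64, 7776))
```

With the tiny sample list, four words give only 20 bits, which is why the size of the word list matters as much as the number of words.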

Safe Password Storage & Management

There are all sorts of rules for creating strong passwords on all of your accounts. How do you remember them all if each one is unique, complex and long? Hint: You'd almost have to be a computer.

When it comes to remembering passwords, most rely on their memory or write them down. Paper is a low-tech solution that can work quite well. I mean you can't hack paper, right? Just be aware that relying on these methods can make one more prone to reusing passwords.

A more high-tech solution would be the use of a password management tool.

Password Managers

Password managers are so convenient and useful. They store the logins for all the sites I use and can even log me in automatically. I only need to remember the master password. When signing up for a new account, they help me generate and save strong and unique passwords.

These tools also increase a user's online security. Password managers can prevent password-reuse attacks. If a hacker manages to break into one of my accounts, I know my other accounts will be okay. They shield against keyloggers since a user doesn't need to type passwords in anymore. They can also help prevent phishing attacks because they aren't fooled by look-alike websites. Some monitor the dark web and alert you if your credentials show up in a data breach.

When picking a password manager, there's lots to consider. How much will it cost? What features am I going to need? Should I go with a locally installed software application, an online service or a hardware token-based device? Is one service better for my iPhone? Which one is best for my desktop at home? Which services offer parental controls or cloud backup for my files?

Anybody who is interested should research to find the service that best suits their needs. Here is a short list to get you started:

  1. RoboForm - Store passwords in categorized folders. Log in with one click. Password generator. Two-factor authentication.
  2. LastPass - Everything is encrypted, even your master password. Auto-fill feature for passwords and payment information. Password generator.
  3. Dashlane - Emergency contact feature. User-friendly interface. Auto-fill feature. Security monitoring.
  4. Keeper - Multi-factor authentication which helps keep hackers out. Solid encryption. Great for businesses, as well as personal use.
  5. 1Password - End-to-end encryption. Secure Remote Password. Receive alerts if 1Password discovers a breach.

Rethink Allowing Browsers to Save Passwords

Another convenient solution to remembering passwords is to allow your web browser to store them for you. One could reason that if a password manager is fine, then I can let my web browser do the job too. Right? Users who do this will want to think twice though before they let somebody borrow their computer!

Give me unrestricted access to your computer and a minute. I'll return with all of your saved logins and passwords in plaintext. In Chrome, it's as easy as going to chrome://settings/passwords/. In Firefox it's just as easy unless you enable a master password, which is not enabled by default.

Use a third-party password manager instead. Everything is encrypted and requires credentials in order to see plaintext passwords.

Don't Leave Computers and Devices Unlocked

No matter how you store your passwords, always lock devices when they aren't being used. Doing so forces the next user to re-enter the password. Nobody should have complete access to your devices without your knowledge.

Keep Computers Malware Free

A keylogger is a type of malware that runs hidden in the computer's background. It records every key pressed on the keyboard. This data is then sent over the Internet and put into the hands of criminals. This is an effective way of stealing usernames, passwords and personal information.

Taking care that our computers and devices are malware-free is a critical component of keeping passwords secure. Here are some tips:

  • Be aware of some tell-tale signs of malware. Remove malware right away.
  • Make sure computers have up-to-date and capable anti-malware protection.
  • Use a firewall. Firewalls can block information transmissions that are intended for the attacker.
  • Install security tools built specifically for detecting keyloggers.
  • Enable automatic updates. Updates patch security vulnerabilities to keep devices secure.
  • Use extreme care when downloading email attachments.
  • Use a password manager which can protect logins even if there is a keylogger.
  • Change passwords if a keylogger is suspected.

Conclusion

Creating solid passwords and managing them afterwards isn't as hard as one may think. It is possible to create complex passwords that are easy for humans to remember. Software-based solutions like password managers or web browsers can make the task easy as well. Add two-factor or multi-factor authentication for another layer of security.

Adopting some of the strategies outlined will keep passwords secure, and help reduce the risk of identity theft or other crime.
