Most people store their passwords to the multitude of websites and services in a note on their phone or in their browser, or worse, never remember them and keep resetting them every time they have to login to a site (I hope that's not you). Many people are concerned about the security risks associated with storing passwords online; they worry that online databases can be hacked, and their passwords can be stolen, leaving them vulnerable to identity theft and other types of cyber attacks. Additionally, some people feel that it is safer to store passwords locally on their devices or in a physical location, such as a safe or locked drawer. In this blog post I will be discussing security with cloud password storage as well as give you a couple of options to consider and to help you navigate the multitude of passwords we have to use in our day to day lives.
The issue : Storing passwords
The last time I checked, I had over 180 passwords that I had to remember. Can you imagine trying to store that in your notes on your phone? It would be a nightmare! The main disadvantage of storing your password in your notes is the lack of security around a note. Typically, notes do not encrypt information which means it is much easier for hackers to get access to your passwords. Additionally, there are no automatic updates when changing passwords, so if you change your password to a site, you have to manually go into the note, find the password entry and manually change it there, too. This general lack of ease of use, including your valuable time being wasted on looking for that darn password in the void of passwords on your list, wraps up the frustration of managing passwords in this fashion.
Why : Storing Passwords Online
While storing passwords online may seem like a security risk, it can actually be a more secure way to managing your passwords than storing them in a physical location or on your device. Here are the top reasons why:
Encryption: Passwords stored online are typically encrypted, which means they are scrambled and unreadable to anyone who doesn’t have the encryption key. This makes it much harder for hackers to steal your passwords.
Accessibility: Storing your passwords online allows you to access them from anywhere, on any device. This means that if you forget your password or need to access it while you’re away from your computer, you can easily do so.
Centralized Management: Storing passwords online using a password manager allows you to keep all your passwords in one place. This makes it easier to keep track of your passwords and ensure that they are secure.
Automatic Updates: If you must change your password for some reason, most password managers will automatically prompt you to update it in the password database. This is usually done by a single click of an “update” button, and the tool does the heavy lifting for you!
Password Strength: Password managers often have features that can help you create strong passwords that are difficult for hackers to guess. They can also help you ensure that you are using unique passwords for each of your accounts, which can further improve your security.
Two-Factor Authentication: Many online password managers also offer two-factor authentication, which adds an extra layer of security by requiring a second form of verification, such as a numerical code, before allowing access to your passwords.
How : What are the options?
Now that I have given you some food for thought on storing your passwords online, what are your options to manage this mountain of passwords that we need to remember in our day to day life?
In my opinion, we have 2 solid choices: 1. Use a tried-and-true browser like Microsoft Edge or 2. Use a password database like Keeper. Both offer you a centralized location to store your passwords, both use industry standard security, both offer suggestions on strong passwords to use, and both are available across platforms. Below I discuss the benefits/drawbacks to each.
Microsoft Edge - no cost, saved on your devices (cloud when syncing)
Microsoft Edge, like many other browsers like Chrome, FireFox and Brave, allows you to store passwords for websites you visit. When you enter your login credentials on a website, Edge will prompt you to save the password. Once saved, Edge will automatically fill in your login credentials the next time you visit the website.
Microsoft Edge uses the Windows Credential Manager to securely store passwords on a user's device. The Credential Manager is a built-in component of Windows that securely stores credentials such as usernames and passwords for applications, websites, and network resources. When a user saves a password in Microsoft Edge, it is securely stored in the Credential Manager.
I know – I just finished telling you not to store your passwords on your device. You’re probably now wondering, “how is this different?” The Credential Manager uses industry-standard encryption to protect the user's stored credentials. Specifically, it uses the Data Protection API (DPAPI) provided by Windows to encrypt the user's passwords with a key that is unique to the user's device. This encryption ensures that the user's passwords can only be accessed by the user who created them or an authorized user with the proper credentials.
Edge can be a convenient way to manage your passwords, but it has some limitations:
From a security standpoint, Edge relies on the Credential Manager and does not have a two-factor authentication option. If your system gets compromised and a hacker gets into it, your passwords are vulnerable.
Edge stores website passwords only; as long as you are storing only websites, Edge does a good job. As soon as you start to store other information such as databases and other information that doesn’t necessarily have a website associated with it, Edge no longer fits the bill.
Edge cannot share passwords with other people. Sometimes you need to share a password one time, maybe with a family member for your Netflix account. Edge does not have this ability. Of course, you can copy and paste the password in a text, but that is not very secure as it is plain text and can very easily be hacked.
Keeper - monthly or yearly subscription fee and cloud based
Of all the databases out on the market today, Keeper consistently ranks top 5 in the multitude of reviews on the web. I like it for a few key reasons:
Share passwords with people - As many of us with families do, we have one account for a service that we sometimes need to share passwords. If only one family member is the keeper of all the passwords, wouldn't it be nice to share those passwords with other people in the family? Keeper allows you to do this with a onetime password share. It is so easy to create a link to the password, and it allows you to select the amount of time you can share the password before it expires. The technology behind sharing passwords is very secure - see here for more information.
Offline mode and cross platform syncing - if you are not connected to the internet and want to get access to a password, Keeper allows you to do this. It also allows you to access your passwords from multiple devices regardless of if they are online or not (once setup to do so). More information can be found here
Top of the line security and verification - alongside the strongest encryption available currently on the market including AES 256, two-factor authentication and zero trust architecture, Keeper also encrypts and decrypts your passwords at the device level only, not on the cloud. This adds an extra level of security because only you as the owner of these passwords can access them once logged on to the database. Additionally, each password is encrypted as well. Keeper has a great article on how their security works here.
Two-factor authentication integration - with this feature, once you setup your two factor authentication in Keeper, it will automatically populate it for you when auto filling if needed which takes less time and is more secure all around.
Summary - Choose Something!
Whatever option you choose, please choose one! Storing the volume of passwords we have today is troublesome just for the fact of having to remember them, let alone having to worry about the security around doing so. I prefer to go with the Keeper option personally, but I am happy to support you in whatever choice you make!
It's important to note that no security measure is 100% foolproof, and there is always some level of risk involved in storing passwords online. It's important to choose a reputable password manager and follow best practices for password security, such as creating strong and unique passwords, enabling two-factor authentication, and regularly monitoring your accounts for suspicious activity. Alongside these precautions, I can guide you in some tips and tricks I have found over the years to add an extra layer of security on those few accounts that are really sensitive such as banking.
If you would like more information on this or any other topics, please get in touch by sending me a note!