what is the safest way of writing down my passwords

brannsiu

Honorable
Apr 20, 2013
144
0
10,630
0
I have just too many passwords and it's impossible for me to remember.
I understand writing down with pen on a paper and keep it somewhere else is the most secure way. However, things could get quite messy

Is saving them all on Excel sheet on hotmail one drive or saving them
all locally on PC is a better way of protecting the files against unauthorized
access?

Or should I use a third-party software specially designed for keeping all
passwords in place ?

Any advice????
 

Math Geek

Estimable
Herald
Oct 15, 2014
517
0
5,960
139
i use lastpass to handle all my passwords. can be used on pc, and mobile for free and will store and autofill all your passwords. all you have to remember is a single master password that gets you into the app. it also has a built in notepad which lets you make simple notes to yourself that also stay secured. can be anything text you like since it is a simple notepad type thing. site links, contact info or whatever.

writing them down is not very secure and possible to lose the pages. we've all been there which is why things like last pass exists :)

just don't lose your master password cause your stuff stays encrypted and no one can open it for you without that password!!
 

robax91

Honorable
Dec 26, 2012
34
0
10,610
12
A simple offline solution would be to just use a notepad text file and list the site/username/password, then take that file and add it to a password protected archive file (zip file) using a program like 7zip with a decently long password and a good encryption method, it's fast, free, and offline. You could do the same thing with that excel sheet, just zip it and put a pass on it.
 
Use a password manager. I'd suggest KeePass. Though LastPass is also pretty popular (despite a security breach a couple years ago).

https://keepass.info/

KeePass is completely free and offline. You run the program on your computer, and it maintains a database of your passwords. You access the database using either a master password (I suggest a pass-phrase to make it longer), or a key file, or both. Be sure to backup this database as it's the only copy of your passwords. If you lose it, you lose all the passwords it stores. The database is encrypted so losing it doesn't mean someone else has your passwords - they need your passphrase and/or key file to access it. Some people opt to back it up on cloud storage like Dropbox, which also makes it easier to sync between their devices. But if you don't trust the cloud you can manually copy it between your devices.

LastPass (and a bunch of competitors like it) maintain your password database (encrypted) on their cloud servers. They're generally free for personal use, but charge for more advanced features or access via more or different types of devices.

Do not write it on paper (unless it's locked in a safe or bank safe deposit box). Don't keep it in a file in Excel. Some of the biggest security breaches in history (e.g. Sony hack) were pulled off because hackers found a file with a master list of passwords in it, or the passwords were posted on a piece of paper stuck to the lunch room refrigerator.
 

BryanFRitt

Distinguished
Oct 24, 2011
1
0
18,510
0
Write your passwords down and take your passwords with you where-ever you go. Just don't loose it, or have it stolen.
 

brannsiu

Honorable
Apr 20, 2013
144
0
10,630
0



In addition to the apps you suggested,

How about keeping them on hotmail one-drive while logging out every time ?

Is it also safe as hell
 

Math Geek

Estimable
Herald
Oct 15, 2014
517
0
5,960
139
it stores them in the cloud so you do have to be online for lastpass. others will store them offline but you'll have to back it up on each device as you go.

storing in the cloud will allow any changes to be saved across everything
 

brannsiu

Honorable
Apr 20, 2013
144
0
10,630
0


In addition to the apps you suggested,

How about keeping them on hotmail one-drive while logging out every time ?

Is it also safe as hell
 

SoggyTissue

Prominent
Jun 27, 2017
158
0
710
45
I might seem crazy, but ofc i am. I make a custom pic with paint, add passwords etc to it with the writing tool. thumbnail shows whatever pawn pic i edited, but i know it has my password inside ...

simple, dirty, robust. people looking for your passwords are looking for your encrypted stuff, they wont be wanting to go through 1gb of pawn pics for an email password they dont know the email address of. well, depends on how good your pawn is.

you can also encvrypt your pics if you really want to confuse would-be snatchers.

deliberately misspelled a certain word.
 

USAFRet

Splendid
Moderator
I would not, under any circumstances, store them in hotmail/google/onedrive, or other cloud service.
Ever.

If I could use KeePass or LastPass at work, I'd use those.
Since I can't, any password generated by those would need to be written down anyway.

An encrypted Excel file.
and/or
A physical notebook in a desk drawer. I defy anyone to:
1. Break into my house
2. Discover the notebook
3. Realize what it is
4. Make sense of my password scheme

If anyone has done that, I am long dead, and no longer care.
 

Generally, the free cloud storage services like Dropbox, Google Drive, and OneDrive do not encrypt your files. That is, anyone working at these companies who gets curious can browse through your files and (if you store your password file there) read your passwords. From what I've been able to learn, the same goes for cloud file managers like Evernote and OneNote. The option they have to password protect pages doesn't actually password protect the page on the cloud server - it's still stored as clear text. The password is simply something you have to enter into the client before the client can display the info.

It's possible to encrypt your files before uploading them to the cloud storage service. But at that point you're doing the same amount of work as a password manager, and the password manager has a lot more features built in specifically for password management.
 

mwryder55

Distinguished
Dec 31, 2011
22
0
18,590
5
Another solution would be to use pass phrases for your passwords with extra characters, misspellings, and substitutions.. You could then write down a hint for the passwords that would trigger your password. For example, your password could be 8ridge0f$ighs14 and your hint could be Robin. Anyone gaining access to your list would not have much to work with determining your password but you don't have to worry about gaining access to a program first.
 

This is actually one of the reasons you should use a password manager. It generates completely random passwords.

Memorable passwords like "8ridge0f$ighs14" are usually based on modifying common dictionary words. The hackers know this, and the dictionary attacks they use against password databases are programmed to use all the common substitutions like B = 8, $ = s, 4 = H, etc. They're also programmed to try sticking on one, two, and sometimes three numbers at the end of dictionary words.

Basically, using a dictionary word in your password reduces the security of the password from about x75 per character, to x8,000 per word (number of commonly-used dictionary words). Each character substitution you have (like $ = s) increases the security x2. So a dictionary word about as secure as just 3 random characters. And a dictionary word (with substitutions) and a couple numbers stuck on the end is about as secure as 4 random characters.

This is why I suggested a passphrase instead of a password. You make up for this weakness of using dictionary words by stringing a bunch of dictionary words together.
 

USAFRet

Splendid
Moderator


Yep, passphrase.
I'd go into details of my procedure, but that's just silly to do here...:pt1cable:
 

brannsiu

Honorable
Apr 20, 2013
144
0
10,630
0
I have just figured out a way , is it similar to those suggested??

I still use cloud service, which is not encrypted, to store my logins and passes
but I write down A, B, C, D, E, which are for example, for 5 different passwords, instead of writing down the actual password

and I keep a paper somewhere else where it states

A=djghsgkdg1323242
B=skgjsdhgsg24123
C=sd2342348
....

(which are the actual passwords)

Is it a solution??
 

mdd1963

Distinguished
If you use LastPass, and pick gmail or yahool mail as your acct registration, you'd better darn sure make sure that linked account email/authentication is a secure password, as someone can then change your lastpass password via that e-mail....(leading many folks to mistakenly conclude that Lastpass is weak....)

ANother simple alternative is a notepad doc (backed up elsewhere externally/disconnected), encrypted with 7Zip, kept on your desktop for quick access...
 

It is, until you lose the piece of paper with all those letters and numbers, meaning you no longer have any idea what A, B, C, etc. stand for and are locked out of all your accounts.

This isn't purely a problem of security. It's a combination of security, ease of use, and lack of fragility (how well the password system can survive a disaster). Password manager programs are specifically designed to address each of these issues. A lot of the password storage systems people are suggesting are trying to recreate the wheel (sometimes poorly).


A lot of people are suggesting an encrypted zip file. Bear in mind that when you open an encrypted zip file, the zip program decrypts the contents and writes them to a temporary folder. The file you open in Excel or Notepad or whatever is this unencrypted temporary copy.

There's no telling how long the unencrypted copy will stick around in your temporary folder. And because it's unencrypted, it can be undeleted and read for some time even after it's been deleted. Password manager programs are designed to do the decryption in memory, making sure the cleartext version of your password is never written to disk.
 

Avast-Team

Respectable
Mar 3, 2017
223
0
2,160
52
We strongly suggest using a password manager (we do have Avast Passwords for this purpose, it is free to use). First, a good password manager should provide top-notch security, we have the details of this in a white paper if you are curious.

Also, it can be a lot more convenient; keeping your passwords all in one place for easy access or auto-fill, but with multiple layers of security.

This isn't to say that it's not possible to do this in other ways, but as Solandri said it's this combination of factors that password managers are designed to address! :)
 

Avast-Team

Respectable
Mar 3, 2017
223
0
2,160
52


We truly appreciate your support. Let us know what you think once you get a chance to try it out.
 
Thread starter Similar threads Forum Replies Date
Foxxys Antivirus / Security / Privacy 1
D Antivirus / Security / Privacy 3
Paul Wagenseil Antivirus / Security / Privacy 0
M Antivirus / Security / Privacy 0
N Antivirus / Security / Privacy 1
B Antivirus / Security / Privacy 2
M Antivirus / Security / Privacy 0
V Antivirus / Security / Privacy 2
sparky6112 Antivirus / Security / Privacy 9
apiltch Antivirus / Security / Privacy 0
Z Antivirus / Security / Privacy 2
R Antivirus / Security / Privacy 4
T Antivirus / Security / Privacy 2
V Antivirus / Security / Privacy 7
djreedj Antivirus / Security / Privacy 2
G Antivirus / Security / Privacy 21
hashir2k Antivirus / Security / Privacy 5
M Antivirus / Security / Privacy 9
M Antivirus / Security / Privacy 2
W Antivirus / Security / Privacy 4

Similar threads


ASK THE COMMUNITY

TRENDING THREADS