Having a strong, complicated and unique password for each of your online accounts is super important, but also super difficult if you’re relying on remembering all of those passwords yourself. Writing them down is an option, although some other security professionals respond in shock horror when we say this. It is our belief that those who balk at the idea might change their minds when they really think about different people's needs and different threat models.
Whilst most people have the ability to come up with a complicated password, they do not have the ability to remember several different complex passwords in their head. Password managers are an ideal solution to this for many people, but for others they may be too much of a technical burden, and writing the passwords down is then something to consider.
Bear in mind: what is the worst thing that can happen here? People you share your house with may find the passwords and use them to get into your accounts. If that would be a problem for you, then don’t do it. But if this risk doesn’t pose a threat to you, then you can use complicated passwords without having to remember them or use a password manager, and just keep them in a book. Someone is more likely to break a weak password over the internet than they are to break into your house and steal your book of passwords as a way of getting into your accounts. This approach is fine for most people at home, but not for people who live with those they cannot trust and not for use in an office.
We must remember, when handing out advice, that the most technically perfect solution may not fit the people we need to help the most. Security isn't always about being perfect; it's about raising the bar to help everyone, not just the technically savvy, to be safer online.
If you are looking for a more technical approach to passwords, something that would be more appropriate to managing them on the move or in an office, enter password managers.
Password managers act like a vault: you just need to remember one complicated password (do make it a good one!) for the password manager itself, and then you store all of your other passwords in the ‘vault’. This means you can have incredibly long, complicated passwords that offer high levels of security and you don’t need to try to remember them. You can use the password manager to suggest new passwords for you and they generally have copy and paste features so you don’t even have to type the password out when you go to log in to a site. Password managers also allow you to sync your passwords across your devices and so they are available to you when you’re on the go. Finally, password managers make it really effortless to change a password, which comes in handy when a site gets breached and you realise you were using an old password there which you may have used elsewhere.
People understandably worry about the idea of putting all of their eggs in one basket, and trusting a password manager with all of their login details. However, we know that there is no such thing as perfect security; it’s all about getting the right balance. Currently, too many people are in the position of reusing the same one or two weak passwords for all of their accounts because it is impossible to remember so many different, complicated passwords. A password manager, protected with one very strong password, offers much greater security than this. Don’t just take my word for it: see what the UK Government’s NCSC has to say on the matter, too.
So, hopefully I’ve convinced you to look into getting a password manager. They’re easy to set up and will make your online life easier and more secure. You may be wondering which one to use: three that are commonly recommended are 1Password, Dashlane and KeePass.