A secure password is the lynchpin to keeping your business safe. However, there’s often a trade-off between convenience and cybersecurity when storing your passwords. This can lead people to cut corners when storing passwords. Conversely, the most secure password solutions are sometimes undermined when team members share their passwords in an unsecured way.
Here are the best ways to store passwords online and offline.
Table of Contents
- What should you look for in a password storage solution?
- How to store a password offline
- How to store a password online
What should you look for in a password storage solution?
If you ask someone what they are looking for in the ideal password storage solution, then they’ll probably give you a security-based answer. That’s absolutely important. However, there’s a second feature that also needs to be found: convenience.
That’s because a difficult-to-use password vault can end up being a cybersecurity threat as well.
Secure password storage
There’s no question that security is the most important feature of a good way to store passwords. TeamPassword, for example, takes security very seriously. Its hosting providers have attained SOC 1 and 2, ISO 27001, and many other security designations to keep our customers’ accounts safe.
Generally speaking, secure password storage at a minimum requires a master password to access the other passwords being stored. Online, this means a password manager. Offline, it’s a safe or digital password storage device.
Convenient password storage
Nobody wants to forget a password and then lose access to their account. It’s one of the most aggravating experiences in the modern business world, even when it doesn’t cost you money. This can lead people to reuse passwords, which is a big cybersecurity risk. That’s because one website being hacked could lead to all of your accounts being compromised.
That’s just the start of the cybersecurity risks that can be caused by an inconvenient way to store passwords. Another is that if your password storage system does not allow a secure way to share passwords with your team, then team members might use unsecure methods, such as Slack messages, SMS, or email.
Then, there are the practical issues that arise from inconvenience. For example, if you use iCloud Keychains or your browser’s built-in password manager, then you end up with partial lists on each device that are not connected. You may have experienced the need to open your laptop to check your Chrome password manager when trying to log into an account on your iPhone.
How to store a password offline
Many people choose to write their passwords down on paper. They probably know that you shouldn’t reuse passwords, but remembering 100 passwords (the average number of accounts used by a person today) is impossible so they write them down. This isn’t the worst idea, but there are risks.
Essentially, your passwords become only as safe as that piece of paper. While pen and paper is the obvious method, there are other ways to store passwords offline.
Here are the best and worst ways to store a password offline.
The worst way to store a password offline
The absolute worst way to store a password offline is using a sticky note attached to your monitor. It’s even worse if you work in an office. Don’t do this!
Sometimes called a clean desk policy, employees should be trained to remove all business sensitive information from their desk whenever they leave, including when using the washroom or grabbing a coffee from the kitchen. Removing passwords, notebooks, USB sticks, etc. and returning to the desktop password screen make your business more secure.
The best ways to store a password offline
There are two ways to securely store passwords offline. The first, a low-tech solution, is to use a safe. Since passwords written on paper are only as secure as the paper itself, placing these backups in your safe is a practical way of adding security to your offline password storage process.
The second, a high-tech solution, is using an offline password storage device. These physical devices come in several varieties, some of which interface with your computer and others are completely separate.
One example is a USB stick that has a thumbprint reader. You can store hundreds of passwords on the device, and they will not display on your desktop until you unlock the device using your thumbprint. Another example looks like a label maker or calculator. You unlock the device using a master password and then can view or add new sets of credentials (username and password). These devices cannot interface with any other device or connect to the Internet. That means that, practically, they cannot be hacked.
You’ll note that using a safe or offline password storage device is inconvenient. Offline password storage is really about having a backup password list in case you forget a critical password or your online password storage system fails. Ideally, you never have to use them, but they are there in case you lose access to an account.
How to store a password online
When looking to store a password online, you should always look for encryption. Encryption is a way to protect data so that, even if it falls into the wrong hands, it cannot be read.
Here are the best and worst ways to store a password online.
The worst ways to store a password online
We’ve discussed dangerous ways to store a password online previously. The reason all of these methods are bad ways to store a password online is that they are not encrypted. If someone gains access to the document, then they have access to the password as well. Here are two especially bad places to store passwords.
Don’t store passwords in email or instant messages
If someone can open your messages or emails, then they have access to your passwords. What’s worse, email addresses are often how two-factor authentication confirms your identity or lost passwords are retrieved. That makes email an especially risky place to store passwords.
Don’t store passwords in notes or online documents.
Google Sheets is a tempting place to store all of your passwords. It’s easy to organize a table of login links, usernames, passwords, the cost of the service, and when you signed up in a sheet. You can share access to the file with people on your team, so it is convenient. It also requires being shared to edit or view the document, which gives it the veneer of security.
However, if someone manages to gain access to your email account, just like storing passwords directly in your email account, there is no encryption. A hacker could immediately see all of your account credentials and exploit them.
Notes, whether on your desktop, laptop, or mobile device, are similarly unsecure. They also make it hard to share credentials with the rest of your team, which encourages employees to share passwords with others using unsafe methods such as Slack, SMS, or email.
The best way to store a password online
Password managers are the only way to securely store passwords online. These include the built-in password managers on your mobile phone or browser as well as third-party password managers such as TeamPassword.
What really makes dedicated password managers even more valuable is that they work across all of your devices, so you can find all of your passwords in one place. Furthermore, TeamPassword gives you the ability to safely share passwords with coworkers.
Since the Chrome password manager or iCloud Keychain doesn’t have a way to share passwords safely, you lose a lot of the total security value. Since coworkers may share passwords using text or email without a better option available, the login information is still exposed.
TeamPassword is the best way to store a password online
You should look for convenience and security when choosing the best way to store passwords online. That’s because convenient features make it less likely that someone on your team will circumvent the security measures by sharing passwords via email or SMS.
TeamPassword makes it safe and easy to store and share passwords online. You can take advantage of our best-in-class security measures to protect all of your login credentials. Individually control which team members have access to which accounts, making secure collaboration possible.
Sign up for a 14-day free trial today to see why TeamPassword is the best way to store passwords online.