Use a Password Manager
It is always interesting to me to see how other people keep track of their passwords. I’ve seen everything from passwords written down on sticky notes, to passwords kept in a physical password book, to passwords typed into a clear-text file. The file may have been stored on a phone, computer desktop, or perhaps on a USB drive. With today’s password complexity requirements and the sheer number of passwords that any of us need to remember, it feels almost impossible to keep up with how to log in to all of the internet-hosted “things” that are so ingrained in our lives.
Writing a password down is not so bad as long as you have a way to secure it. Unfortunately, most of the time written passwords are not locked away, and are fair game for anyone who happens to stumble upon them. I worked with a guy who said that he had nothing to hide and that he didn’t care who had his password. But as the security guy, I’ve seen enough passwords exposed and email accounts (and others) hijacked for nefarious reasons.
The same could be said for keeping your passwords in a file that is not encrypted. Anyone else who has access to that system has access to your passwords. Should your system become infected with malware, you should just assume that your passwords are compromised. With storing passwords on a USB flash drive, there are several risks to consider. First, there is the possibility that the drive could become corrupted or stop working, in which case you could lose your data. Should the drive become lost or stolen, there is the issue of other people accessing your data. To prevent this, there are options out there like the Kingston IronKey or Kanguru Defender drives, which will password-protect and encrypt your data. There are other methods to encrypt a USB drive yourself, but for many it is worth buying a flash drive that already does it for you.
My personal recommendation is to use password management software (1Password, Dashlane, LastPass, etc.) that encrypts and stores your passwords in the cloud so that you can access them from anywhere. As a hybrid solution, you can also use KeePass, a locally installed password manager whose password database you can save anywhere. If you use this approach, though, I would definitely recommend keeping a backup copy in case the file becomes corrupted or lost.
Current-generation password managers encrypt your password database, so that even if someone else finds or steals it, your passwords are still secure as long as they don’t have the key. Many now have more advanced features that incorporate multi-factor authentication, single sign-on integration, and team or family password sharing. As a bonus, the more mainstream managers will check your passwords against compromised password lists from the “dark-webs.”
This is how I personally keep up with my own passwords. Password managers today are simple, convenient, and secure. Most are multi-platform and you can take them with you wherever you go, whether it is on your laptop, tablet, or phone. How are you keeping up with your passwords?