Best ways to store your passwords: A comparison

Passwords flying into a vault.

We hear it (and harp on about it) a lot: Create strong passwords that are long, unique, and hard to guess. But with all the shopping, email, social media, and other app accounts, you better also have a good way to store your logins. 

Writing it on a Post-It and sticking it on your fridge is one way. But there are others. Here’s our roundup of the best and worst methods to store your passwords.

Best: Password manager apps

Pros:

A password manager is a program or service that helps you create and store passwords in a personal digital vault. By using a password manager, you won’t need to remember any of your passwords. Instead, a single master password is used to unlock your list of logins. 

After unlocking them, most password managers also automatically fill in login fields for sites and services that you use, providing greater convenience.

The greatest benefit of using a password manager is it allows you to create very long, complex, nonsensical passwords for each account. You don’t have to worry about remembering them, so they can just be gibberish—and no one will be able to guess them either.

Cons:

If you forget your master password, you might not be able to recover your logins. If your master password is compromised, all of your account login details could be at risk. That said, it’s widely accepted that the benefits of using complex passwords on all your accounts outweighs the (small) risk that someone will find out your master password.

Premium subscriptions to password manager apps also cost money, but you get high security and the ability to save many logins.

Would we recommend this?

Yes—it’s the gold standard in password storage.

Okay: Password managers in browsers

Pros:

Most browsers, like Chrome, Firefox, Edge, and Brave, have functionality to save passwords on the browser itself for faster authentication. This is convenient and free.

Cons:

In certain cases, anyone who borrows your device and uses your browser will have access to your logins. This is why you should enable two-factor authentication on your in-browser password managers.

Further, using a browser’s built-in password manager locks you into using that specific browser. In other words, if you use more than one browser, it may be a hassle to access login details on your various services.

Would we recommend this?

If you only ever use just one browser. Don’t forget to turn on two-factor authentication.

Bad: Digital documents

Pros:

Pasting all your passwords into a document on your computer or saving them by email is… actually we can’t think of any pros.

Cons:

This is possibly the least secure way to store your passwords. There is a decent chance of someone stealing your passwords all in one go, thanks to ease of copying digital files and the frequency of data leaks.

At the very least, ensure the platform or files you use are encrypted and password-protected themselves.

Would we recommend this method?

No.

Sounds bad, but not the worst: Writing it down

Pros:

Honestly, as long as you keep your bits of paper in a secure location that you can access easily—it’s not that bad of an idea. Further, it’s literally impossible to hack a piece of paper…

Cons:

However, updating a paper document periodically would be a hassle, and if anyone were to discover your secret hiding spot, it wouldn’t go down well. Also, you don’t get to copy and paste your password, discouraging you from creating long, complex passwords.

Would we recommend this?

If you have a really good hiding spot… who are we to judge?

Basic but has its merits: In your head

Pros:

Your brain can’t be hacked, and your password dies with you.

Cons:

It’s impossible to save numerous randomized passwords in your head. This means you’re resorting to “formulas” or reusing passwords, which is an unsafe practice when it comes to account security.

Would we recommend this?

If you have very few logins and a good memory, go for it!

Tips for creating passwords

1. Long, unique, randomized

Rule No. 1 is creating long, unique, randomized passwords that don’t mean anything to you or anyone else. Strong passwords should always include a combination of uppercase and lowercase letters, numbers, and symbols. The longer the password, the harder it is to crack.

A good example is: MnjJL1b:&UXX+J@i,lpJSi|

Try out our strong password generator here!

2. Try using passphrases

Generally speaking, the main difference between passwords and passphrases is that the latter can be composed of words and incorporate the use of spaces. The use of words also makes them easier to remember without making them easier to guess.

A good example is: Bananas? Chocolates! Teapots? Elephants!

3. Don’t reuse passwords

The issue with using the same password more than once is that it only takes a single instance of an account being compromised to cause a domino effect on your other login credentials. Using a different password for each of your accounts makes the likelihood of hackers being able to guess or brute force their way in much harder.

Read more: 6 common misconceptions about passwords

Phone protected by ExpressVPN.
Take back control of your privacy

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Hi, you've reached Marcus. Dial '1' for privacy, '2' for point and click adventure games, and '3' for paranormal stories. For all other enquiries, please stay on the line and he'll be with you shortly.