Whether we're shopping, socializing, working, or doing almost anything else online, we often make accounts so that it's easy to check back or continue using services. But with all these accounts come login details, and with these login details come passwords. Our passwords often stand as the key line of defense between the exterior and interior of our accounts, so it's important that we keep them safe. But which methods can you use to securely store your passwords, and what should you avoid?

1. Use a Password Manager

person using password manager on smartphone
Image Credit: Ervins Strauhamanis/Flickr

Password managers can prove invaluable, and not just when storing your passwords. You can use these apps to store payment card details, passport information, and other sensitive data that you don't want to lose track of. In short, a password manager is a one-stop shop for keeping your sensitive credentials safe.

Password managers are easy to install and use, regardless of technical expertise. Most manager apps simply require you to create an account, or let you use their service as a guest. Note that, if you don't create an account, you may be in trouble if you lose the device on which the app is installed, as the passwords are being stored locally on the device itself.

Once you're all set up, using a password manager is very straightforward. Often, it's like adding contacts to a contacts list. Simply enter the credentials you want to store, hit the save button, and the app will securely store the passwords. If you're using an online password manager, your credentials will be stored in the cloud via an internet connection.

If you're using a good password manager, your sensitive date will then be encrypted. There are various kinds of encryption protocol that a password manager may use, such as AES-256 or XChaCha20. Make sure the encryption algorithm being used has been deemed secure by cybersecurity experts before entrusting your data with a given password manager.

2. Use an Encrypted Flash Drive

minimal usb drive with key symbol on front

While you can use any old flash drive to store your passwords, a typical USB stick that you'll find at your local department store likely won't be designed to shield private data. Typically, when you plug a USB drive into a computer, the files it stores become instantly accessible. So, if you're storing passwords on a regular flash drive, and it falls into the wrong hands, your passwords could be at risk.

This is where encrypted flash drives can come in handy. An encrypted flash drive is specifically designed to safeguard all stored information, using password protection, encryption, and backup methods. Note that these are generally pricier than regular USB drives due to their additional features, but if you tend to store a lot of sensitive data on flash drives, grabbing an encrypted drive may be a worthwhile investment.

However, you can save a buck by encrypting the flash drive you already have. There are USB encryption software programs out there that you can install on your computer, making it possible to secure the data on your USB stick.

3. Salt and Pepper Your Passwords

Salting your passwords is a great way to make things hard for malicious actors. If you store your passwords in plaintext, they can be instantly used to access your accounts. However, if you salt your passwords, they become highly secure.

When you salt a password, you add a 32-character (or more) string of text at the end of the password, and then encrypt it. To salt a password, you use a random generator to get the 32-character string. This is what is known as the "salt". After the salt is added, the password is hashed. Hashing is a form of one-way encryption that converts plaintext data to ciphertext data. A hashing algorithm, such as SHA, is used to convert the data in this way.

Along with salting, you can also pepper your passwords. Peppering and salting are pretty similar techniques, but take place in slightly different ways.

With salting, the website or platform itself knows and stores the salt of the password (in plaintext) so that it can be added before hashing. This added value is single-use and is kept together with the password itself. With peppering, on the other hand, the secret value added to the end of the password is reusable, and is not kept along with the password itself.

4. Keep a Backup Storage Method

image of black samsung solid state drive

If you happen to lose your entire database of passwords, things can become difficult very quickly. Not being able to access your accounts and having to change each password one-by-one could take hours, so it's important that you always have a backup storage method in place.

This could either come in the same form or a different form of storage to the original. For instance, you may store your passwords using a password manager, but also have a secured USB drive to hand that also stores this information. Alternatively, you can use the backup feature offered by many password manager apps.

You could also keep a paper-based list of your passwords, but it's crucial that this is kept in a safe location to avoid being damaged or stolen.

5. Construct Your Passwords Well

green password and lock icon on black screen
Image Credit: Christiaan Colen/Flickr

While this tip doesn't have anything to do with the storage of your password, it is definitely something to keep in mind. Passwords are often accessed by cybercriminals through password cracking. Cracking can come in many different forms, but often involves searching through thousands, or millions of possible combinations until the correct one is found. In other words, the password is guessed through a process of elimination.

When you make your password more complex, the crack time (i.e the time it takes to guess your password) generally increases.

For example, using the password "friday112" is far less secure than using "Friday.112". This is because the latter has a capital letter and period within the password, which adds extra layers of complexity. The more additional elements you add to your password, the more combinations a cybercriminal will have to go through to crack it. If you use letters, numbers, mixed cases, and symbols in your password, it can take a criminal years, decades, or even centuries to crack. So the earlier example could become "Fr1d@Y.1!2".

What's more, using personal information, such as pet names, birthdays, and addresses, can also make it easier to crack your password. So, ensure that the passwords you use are entirely impersonal to you.

There are secure password generators you can use to create a strong password, but simply adding all the above elements to your password will likely make it strong enough.

What to Avoid When Securing Your Passwords

There are also a few things you should always avoid when trying to keep your passwords safe, including:

  • Using a non-secure app (e.g. a notes app) for storage.
  • Using a shady password manager.
  • Using the same password repeatedly for multiple accounts.
  • Remembering your passwords off by heart.

Securing Your Passwords Doesn't Have to Be Challenging

You may think that keeping your passwords safe involves lots of time, resources, and manual input, but this is not the case. There are various solid options out there today for password storage, and some proven ways to make your password as strong as possible. While you may think that your online accounts will never be targeted by a hacker, you can easily fall victim to such attacks, given how prevalent cybercrime is. So, check out the above tips to safeguard your passwords and keep them under wraps.