Password Managers
How People Currently Store Passwords
1. Memorization
Some individuals rely on their memory to recall passwords. While this works for a limited number of accounts, it often leads to simple and predictable passwords, such as “password123” or reused credentials across multiple sites.
2. Writing Them Down
Many people write their passwords in notebooks or on sticky notes. While this offers a quick reference, it is highly insecure if the notes are lost, stolen, or seen by others.
3. Browser-Saved Passwords
Modern web browsers offer to save passwords and autofill them when needed. Although convenient, this method is not foolproof, as these passwords can be compromised if the device is hacked or stolen.
4. Using the Same Password Everywhere
Reusing a single password across multiple platforms is common. However, if one site is breached, attackers can use the same credentials to access other accounts in a practice known as credential stuffing.
5. Plain Text Files
Some users store passwords in plain text files on their computers or phones. This method is highly risky as these files are easy to access without any encryption.
Problems with Current Methods
- Weak Passwords: People often create simple passwords to make them easier to remember, making them vulnerable to brute force attacks.
- Reused Passwords: Using the same password across multiple accounts amplifies the damage from a single breach.
- Lack of Encryption: Many methods, like writing down passwords or saving them in plain text files, offer no protection against theft or hacking.
- Physical Vulnerability: Written passwords can be easily lost, stolen, or accessed by others without the owner’s knowledge.
- Device Dependence: Browser-saved passwords are tied to specific devices, making them inaccessible if the device is unavailable or compromised.
Alternatives: Secure Password Management
1. Password Managers (Recommended)
Password managers are dedicated tools for generating, storing, and autofilling passwords securely. They store passwords in an encrypted vault, accessible only through a master password or biometric authentication.
Key Features:
- Strong Password Generation: Create complex, unique passwords for every account. Also, generate unique usernames and aliases for added privacy.
- Encryption: Protects stored passwords with advanced encryption algorithms.
- Cross-Platform Syncing: Access passwords across devices securely.
- Secure Sharing: Share credentials with others without revealing the actual password.
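The weak and reused passwords described under "Problems with Current Methods", and the generator feature listed above, shown as an added example (not code from any particular password manager). The sample entries, the small denylist, the 12-character minimum and the function names are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed sample entries (site, password); not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "password123"),
    ("shop.example", "password123"),
    ("bank.example", "123456"),
    ("forum.example", "t9#Lq2!vRz8@pWm4"),
]
# Tiny illustrative denylist; a real audit would use a large breached-password list.
COMMON = {"password", "123456", "password123", "qwerty"}
SYMBOLS = "!@#$%^&*-_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a password whose characters are drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def generate_password(length=20):
    """Draw from the OS CSPRNG; retry until every character class is present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def audit(entries, min_length=12):
    """Return {site: [findings]} for common, short or reused passwords."""
    sites_by_pw = defaultdict(list)
    for site, pw in entries:
        sites_by_pw[pw].append(site)
    findings = defaultdict(list)
    for site, pw in entries:
        if pw.lower() in COMMON:
            findings[site].append("common password")
        if len(pw) < min_length:
            findings[site].append("too short")
        others = [s for s in sites_by_pw[pw] if s != site]
        if others:
            findings[site].append("reused on " + ", ".join(others))
    return dict(findings)

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(f"{site}: {'; '.join(problems)} -> replace with {generate_password()}")
```

A 20-character password from this 72-symbol alphabet carries roughly 123 bits of entropy, which `entropy_bits(20)` computes.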
Examples:
2. Two-Factor Authentication (2FA)
2FA enhances account security by requiring a second verification step, such as a code sent to your phone or a biometric scan.
3. Secure Cloud Storage
For those unwilling to use a password manager, secure cloud storage services (e.g., encrypted notes in Proton Drive) can be a safer alternative to plain text files.
4. Hardware Security Keys
Hardware-based authentication tools like YubiKey offer an additional layer of security by requiring a physical device to access accounts.
Recommended Password Strategy
When organizing passwords, follow this recommended strategy for optimal security:
- Bitwarden Master Password: Store securely offline with two copies in separate, secure locations (e.g., a safe or a safety deposit box). Memorizing this alone will allow you to recover every downstream password.
- 2-Factor App Recovery Codes:
  - Google Authenticator
  - Authy
- Sync Chain Seed Phrase:
  - Brave Browser
  - Other synced devices
- Wi-Fi Passwords:
  - Home Wi-Fi
  - Office Wi-Fi
  - Guest Wi-Fi
- Finance Accounts:
  - Chase
  - PayPal
  - Vanguard
  - Robinhood
- Email Accounts:
- Ecommerce Accounts:
- Bitcoin Wallets:
- Proton Drive:
  - Scanned credit or debit cards
  - Encrypted passports or driver’s licenses

- Weak Passwords: Common passwords like “password” and “123456” are still widely used, making accounts highly susceptible to hacking.
- Data Breaches: Weak passwords contribute to over 80% of organizational data breaches.
- Password Reuse: Approximately 84% of individuals reuse passwords across multiple sites, increasing vulnerability if one account is compromised.
- Password Cracking Speed: 70% of weak passwords can be cracked in less than one second using simple brute force attacks.
- Data Breach Costs: In the U.S., the average cost of a data breach was $8.64 million in 2020.
- Productivity Losses: Organizations lose approximately $480 in productivity per employee each year due to time spent on password-related issues.
These statistics underscore the importance of adopting robust password practices and utilizing tools like password managers to enhance security.