Your passwords online
In this cloud days, chances are, that you have your passwords stored in some online service, the people reading this may have choosen a better option, but the average joe for sure is using one Google or Apple services to store passwords to all his sites, including online banking services.
Both Apple and Google offer a very convenient service, they even suggest a stron password as soon as sign to any new place using Chrome or Safari (Android or Iphone) some other options are:
I have never used any of them, but I must admint that I use Google Chrome, and my Android phones to store passwords, I have even installed Chrome on the iPad just to have access to my stored passwords.
But, how safe is this?, we share our location, the places we visit, the searches we make on Google, we also share with it our email, and almost all pages we visit - keep in mind that if you have you account logged in when surfing the web, your browser should be sendind google the pages you visit because of Google Analytics -
As you see, we share a lot with Google, is it OK to share our passwords too?
Common sense tells us not to do it, but what are our options?
- Use the same passwords on all sites
- Keep a written down record of all the strong passwords you may use
- Have a password protected file
- Set up your own password manager server
Each of these options have its cons and pros, let's see them.
Use the same passwords on all sites
This is for sure the easiest one, but it is also the less secure, if one site gets its password database compromised, you will have to change the passwords in all sites, and do it fast.
Keep a written records of all the stron passwords you may use
This one is the least convenient, you will have to carry that notepad with you all time, what happens if you lose it? or if it gets damaged.
Anyway keep a written record of most important passwords is a good idea, only if you have a really safe place to store your notebook, otherwise it is a really bad idea.
Have a password protected file
This is something you can easily do this way, then you can store the file in the cloud (Telegram could be an option), and access it from your mobile device, you can use a
gpg app to open it.
Just keep in mind that you need to delete the decrypted file file once used, otherwise it will stay open in your cell phone, same thing if you open it in your laptop.
Set up your own password manager server
The last option is to run your own password sycing server, you may choose between some options, one is bitwarden, and another one is, Passbolt.
This one might be the best option you will have the convenience of cloud service, just like Google's or Apple's service, but self hosted, so your information is with you, of course you need some basic knowledge, and this solution is not for everybody.
Which option do you think is the best one, and which one do you use? Think about it next time you hit Yes store my password in your web browser.