How To Keep Track and Manage All of Your Passwords Securely

Advertiser Disclosure: At Slickdeals, we work hard to find the best deals. Some products in our articles are from partners who may provide us with compensation, but this doesn’t change our opinions. Our editors strive to ensure that the information in this article is accurate as of the date published, but please keep in mind that offers can change. We encourage you to verify all terms and conditions of any product before you apply.

The average American has as many as 100 passwords across a variety of accounts, according to a Harris Poll survey, 66% of people use the same password more than once and 75% of respondents reported frustration trying to keep track of all the passwords they used.
There has to be an easier way to keep them all organized, right? There is, and one of the most popular solutions is a password manager.
A password manager keeps all the passwords in one place, secured from prying eyes with encryption to keep the hackers out. Having insecure passwords is one of the easiest ways a hacker, or even someone you know, could gain access to your accounts. Password managers help you create complex and secure passwords that you don’t have to worry about remembering—just the one password for your password manager is all you need to know.

How Hackers Can Steal Your Passwords

Credit: Pexels

• Credential Stuffing: This is when your data has been exposed in a breach and hackers get ahold of the list. They then run your username and password through an automated process that tries the same login with other sites, like a bank, shopping account or email. Since people tend to use the same password on more than one account, hackers get into more accounts than just the one that was breached.
• Password Spraying: This involves hackers using a program that will guess the most common passwords, like “Password123”. They target a large number of email addresses and make several guesses before moving on. The bonus for hackers is that spraying doesn’t trigger the lockout that many websites offer as a safety feature. They just try a few times and move on to the next email. 
  • Here is a list of the most common passwords (or variations of these words): 
    • abc123 
    • Password 
    • 123456 
    • Iloveyou 
    • 111111 
    • Qwerty 
    • Admin 
    • Welcome 
• Phishing: Have you ever noticed an email that looked like it was from your favorite vendor, but something was a little off? This is a Phishing attempt. The hackers send you a familiar-looking site, ask you to log in, and as soon as you do all that personal information is sent to the hacker.  “Spearphishing” is an even more targeted form of this tactic when the sender addresses you by name or imitates someone you know like your boss from work.
• Brute Force: This is when a hacker simply guesses passwords for accounts. It can trigger a lockout of the account due to failed attempts, which is the upside for many potential victims. Brute force is only effective for short passwords, as the algorithm to enter fake passwords takes much longer when there’s a long and complicated password.
• Unsecured WiFi: When you’re in a public place using unsecured WiFi, you’re opening the door to hackers and your password list. That nice person across from you in the coffee shop could be stealing all your passwords right now and making a large purchase with your credit card info. Using a VPN is a great way to avoid problems with public WiFi.
• Phone Number on Social Media: When you provide your phone number on social media accounts, that’s the same phone number you might use when you forget your password, right? Hackers can take that phone number, go to the login page, spoof your number to their phone, and they get the “unique code” to type in and “Viola!” they have access to your account.
• Shoulder Surfing: Think of all the crowded spaces where you enter personal information like passwords. It might be the airport, on the bus or having lunch at a cafe. A hacker can look over your shoulder or out of the corner of their eye and see your keystrokes.

Best Ways to Keep Track of All Your Passwords

Credit: LastPass

1. Use a Password Manager

A simple Google search will bring up hundreds of options to protect your passwords and safely save them in one place. If you’re concerned about all the information above, you might be wondering how you know those websites are safe to use. There are some tested and verified sources that even the government uses to protect data.

• LastPass: There is a free and paid version of this password manager program. You add the extension to your browser, choose a “Master Password” and then all your other passwords are safely stored inside. While the program helps store passwords, it has no access to your actual information. It’s stored locally and is encrypted even by the company helping you manage your passwords.
• Bitwarden: You can choose from a free version or spend as little as $10 a year for password management. This program works for individuals up to large companies. The information is stored in the cloud and is accessible across all devices you use.
• 1Password: There’s a 14-day free trial with this program, but no free version. You have options to set this up for individuals or a family. You’ll also get nudged if one of your passwords is weak and needs updating.

2. Use Encrypted Documents

If you still aren’t sure about trusting a program or extension, you can create your own password manager by encrypting documents on your computer.
Google Sheets doesn’t allow a document to be password protected, but you can limit access to specific people using their Google account. Google documents are encrypted, which means people you don’t share it with cannot access the content.
Microsoft Excel also allows you to password protect a file (Yes, another password!). You can share this document with others if you’d like, but they can’t open it without the password.

3. Save Passwords in Browser

Browsers like Chrome, Edge and Firefox provide password management by the user. If you’re logging in to a new service and the browser asks if you want to save that password, it’s going to a password manager. Generally, you can access these password lists by going to Settings and opening Privacy & Security.
Just remember if you don’t log out of everything, anyone who gains access to your computer directly will have an easy time logging into your secure accounts. Always protect your laptop or computer by enabling a lock screen with a password when not in use.

4. If You Insist, on Writing Them Down on Paper…

For those who don’t trust any of the options above, you can also continue to write passwords down on paper — with a few rules.

• Don’t leave the paper anywhere near your computer.
• Don’t put it under the laptop or taped to the bottom of your keyboard.
• Put it in a wallet or sock drawer, or somewhere secure.

Best Tips on Creating Strong Passwords

Credit: Pixabay

1. Do a Password Checkup

Log into your Google account and do a checkup of your passwords. It will tell you if you have redundancies in passwords and how many accounts were potentially hacked.

2. Let the Password Manager Generate Passwords for You

Password manager programs can auto-generate secure passwords for your accounts, usually a random string of alphanumeric characters and symbols.

3. Avoid Personal Info

The majority of you use a password that includes either a name, birthday, pet’s name, child’s name or spouse’s name. Don’t use any of those in a password. No street names, anniversary numbers, children’s birthdays or favorite superheroes.

4. Don’t Answer Personal Questions Correctly

Some websites ask you personal questions in addition to your password including things like “Who was your favorite teacher?” This information is easy to get in a regular conversation, even with strangers. Answer those questions incorrectly. Perhaps use the name of your least favorite teacher instead.

5. Stop Using Passwords

Passwords can be long and confusing. If you use a passphrase instead, it will guard against Brute Force and make it harder for anyone to guess. Something like “I caNNot tell you my Pa$$word for $afety.”

6. Schedule Password Resets

Schedule it on your calendar now. In 90 days, you’ll reset all of your passwords. It’s hard for hackers to hit a moving target.

7. Use Biometrics

If you have the technology to use a voice, fingerprint or eye scan to verify your identity, that’s a much safer form of protection.
Stop thinking of passwords as an inconvenience and realize being hacked is one of the biggest inconveniences of all. Plan your best path of password security and by all means, if you get a notification that one of your accounts has been breached, don’t ignore it. Stay a step ahead of digital criminals and change your passwords regularly.

FAQ

How will I know if my account has been breached?

Several of the password managers and web browser extensions will alert you if your password is breached. You can also be proactive and look at the website “Have I Been Pwned?” and search your email address.
Google allows you to do a Password Checkup to see if you’ve been involved in a breach. Chrome also allows you to store passwords and will give you an alert if you need to change one due to a breach.

What do I do if my accounts have been hacked?

Report it to the Federal Trade Commission (FTC) immediately through the online portal. There is also an easy-to-follow identify theft page about “What to do right away.” You can also reach out to the credit bureaus and put a freeze on your credit file so no new accounts can be opened.

Is my browser safe?

PC users should know that Microsoft stopped doing security updates for Windows XP and previous versions. If you’re using an older browser, you are more at risk. No matter what type of operating system or browser you use, always use the latest updated version for the safest surfing experience.