I don’t know where the idea that it’s bad to write down your passwords came from, but it needs to stop.
The average person has over 100 passwords they need to manage and expecting them to remember them is impossible.
Also, the problem is not that you write passwords down but what passwords you use.
Why Writing Your Passwords Down Is Fine
It’s all about context.
Writing down your passwords, which you keep in a little book that you hide in your home, is fine.
The only threat is anyone who gets in your home. Even then, a burglar is going after the TV or jewelry instead of that little book that you keep hidden.
What is not okay is to write your passwords on a sticky note you keep on the monitor at your work. Instead, get a password notebook that you keep in the locked drawer at your desk.
If you’re paranoid, then let me introduce you to peppering: adding a short secret that you memorize, and never write down, to each password when you type it in. You can pepper all the passwords or only the important ones in your little password book. Even if someone got ahold of your list of passwords, they would not have the full password.
The Real Problem
The real problem the average person faces is not that they write down their passwords but that they reuse them.
For some dumb reason, people are telling others that they can’t write down their passwords. This forces people to remember passwords, and when the average person has over 100 passwords, it’s not physically possible for them to remember them all, so they end up reusing the same or similar passwords.
Password reuse is a far bigger threat than keeping your passwords in a book at your home!!!
Only a few people can reach your home or even know where to look for the password book.
But if you’re reusing the same or similar passwords on multiple sites, then anyone with an internet connection can get into your account once one of those passwords leaks. If you’re using the same password on 5 websites, it only takes one of the five to leak your password for the rest to be screwed too.
And believe me, your passwords get leaked eventually by some website, which makes password reuse a HUGE problem. To blow your mind, check out https://haveibeenpwned.com/ to see where your email addresses and passwords have been leaked.
What You Should Be Doing
You should be using a password book, and in that password book, you need to give every account its own randomly generated password.
To create these passwords, use the generator we have here:
https://passwordbits.com/password-gen.html
Press the “Print This Page” button at the top to have a hard copy that you keep in your password book.
Low-security passwords are for non-important accounts like Netflix, forums, or any account that would be a mild inconvenience if it was hacked.
High-security passwords are for important accounts like your banking and email, or anything you would panic over if it was hacked.
You can fold the printed papers and use a paper clip to make a bookmark for your password book, as shown in the picture above.
When you create an account or need to change a password, pick a password from the list of generated passwords, and then mark it out so you don’t use it again.
Putting a “dot” under the capitalized words helps you remember that they are capitalized. It’s also smart to use a pencil instead of a pen in case you make a mistake or need to change the password later.
Doing it this way keeps you from reusing passwords, which is the worst thing you can do when it comes to internet security.
Are These Passwords Secure?
The most important thing when it comes to online passwords is that they’re random for every account.
Whether a password stays secure comes down to how the website stores it. Since most websites don’t tell us how they store our passwords, we must assume the worst and say they store passwords in plaintext. If the password is stored in plaintext, or with a simple hashing algorithm, it won’t matter how complex your password is, which is why we push for every account to have its own random password. One account password being breached won’t affect the others if you used random passwords for every account.
The problem with password books is that they never tell you what password to use, and if they do, they rely on people to make them up. People are not good at being random, and going to a website to get one single new password is a hassle, especially when you’re in the middle of something. Also, online password generators often make passwords that are hard to write down, so many people go back to their old habit of password reuse, which is very bad.
My goal is to have a webpage you only need to visit rarely, which generates a bunch of random passwords for you to print out. It gives you the option of low and high-security passwords depending on your needs. When you need a password, you pull out that paper, which you can use as the bookmark for your password book, select a password for that site, and cross it out from the list. This way you have a unique password for every account without extra hoops to jump through each time.
The passwords are generated locally in your web browser. The page that has the generator is intentionally blank and boring to limit tracking and other junk. A simple password generator that gives multiple passwords and works well with people who use password books is the goal.
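The kind of local batch generation described above, as an added sketch (it is not the code behind the generator page): it draws from the browser's cryptographic random source, avoids modulo bias, and returns a sheet of distinct passwords. The word list, the two tier definitions, and all function names are assumptions made for illustration.

```javascript
// Added example: batch generator for a printable password sheet (runs locally).
// WORDS is a tiny constructed list; a real list needs thousands of words.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;
const WORDS = ["apple", "brick", "cloud", "delta", "ember", "frost", "grape", "house",
               "ivory", "joker", "knife", "lemon", "mango", "north", "ocean", "piano"];

// Hypothetical tiers (assumption): words per password plus trailing digits.
const TIERS = { low: { words: 3, digits: 2 }, high: { words: 5, digits: 3 } };

// Uniform integer in [0, n) from the browser/Node CSPRNG. Rejection sampling
// discards values that would cause the modulo bias of a plain `x % n`.
function randomBelow(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function makePassword(tier) {
  const { words, digits } = TIERS[tier];
  const parts = [];
  for (let i = 0; i < words; i++) {
    const w = WORDS[randomBelow(WORDS.length)];
    // Capitalize about half of the words, chosen at random.
    parts.push(randomBelow(2) ? w[0].toUpperCase() + w.slice(1) : w);
  }
  let tail = "";
  for (let i = 0; i < digits; i++) tail += randomBelow(10);
  return parts.join("-") + "-" + tail;
}

// Bits of entropy for a tier: each word contributes log2(listSize * 2)
// (word choice and capitalization), each digit log2(10).
function entropyBits(tier, listSize = WORDS.length) {
  const { words, digits } = TIERS[tier];
  return words * Math.log2(listSize * 2) + digits * Math.log2(10);
}

// A sheet of `count` distinct passwords, one to cross out per account.
function makeSheet(tier, count) {
  const sheet = new Set();
  while (sheet.size < count) sheet.add(makePassword(tier));
  return [...sheet];
}

console.log(makeSheet("low", 5), makeSheet("high", 5));
```

With the 16-word sample list the low tier has under 22 bits of entropy, which is far too little for real use. Passing a realistic list size such as 7776 to `entropyBits("high", 7776)` gives roughly 79 bits.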
Keep Organized!
If you’re going to write down your passwords, make sure to be organized.
Don’t throw the passwords on any page and move on.
Make sure to write down the username and what website it’s for.
Putting them in the correct alphabetical order helps too; many password books have tabs for this exact purpose.
What Password Book To Use?
You can use any notebook to store your passwords if you want.
They make books just for passwords that help keep you organized.
I’ve even seen password books disguised as a cookbook or poetry book.
Whatever you pick, make sure it’s not something someone may accidentally throw away. Ideally, you should hide this book, put it in a locked drawer or file cabinet if you need to.
Consider A Password Manager
Even better than a password book is a password manager.
A password manager will be better at keeping your passwords organized, and most of them will fill the password for you using a browser extension.
Not only is a password manager more secure, but it ends up making your life easier too.
No one forces you to remember phone numbers anymore because there is an app on your phone for that. So why are we treating passwords any differently? There are plenty of password manager apps that will make you more secure and your life easier.
Write Down Your Master Password
You need to make a good master password for your password manager as that is used to encrypt your vault. To make a good master password, you need to follow this guide here.
Since your master password is used to encrypt your password vault, you mustn’t forget it.
If you forget your master password, you lose access to your password manager; this is what makes them so secure. The password manager company doesn’t know your master password and can’t reset it for you. You can always change your master password if you know it, but there is no resetting it if you forget it.
So make sure to write down your strong master password and keep it somewhere secure in your home, maybe keep it in a password book.
All Roads Lead To Paper
All roads lead to you writing something down. It could be all your passwords, a few passwords, or writing down the master password to your password manager.
Even if you use a password manager, it’s still a good idea to have a password book.
Maybe you don’t want to keep all your passwords in your password manager; perhaps you keep the critical passwords locally in your password book. Since your master password is important, you also keep it in the password book hidden in your home.
It also doesn’t hurt to keep backups of some accounts in your password book even though you use a password manager. For example, keeping a copy of your email or banking password in your password book is very smart in case something happens to the password manager app.
If you turn on 2FA for your password manager, you’ll also need to store your 2FA recovery code, and once again, a password book is perfect for this.
Even if you use a password manager, a password book is a must.