It’s Okay To Write Down Your Master Password

Yes, it’s okay to write down your master password. I don’t know where the idea to not write down your passwords came from, but it needs to stop. 

Just so we’re clear, I’m saying it’s okay to write down your master password to your password manager. I’m not saying it’s okay to keep all your passwords in a notebook. Let me explain why.

Why Write Down Your Master Password?

We’re forgetful, it’s apart of being human.

Even if you know 100% you won’t ever forget that password it’s still smart to write it down. 

Where you keep this paper is the real concern. I recommend keeping it in either a safe in your home or a safe deposit box at the bank. If you have someone you trust you could also give them a copy to keep in their safe or password manager.

To be extra secure you can leave out what the password is for or use something to help you guess it.

I can’t tell you how many times I’ve come across people on the internet complaining about losing their master password. You can find them on forums and reviews for the products themselves. It’s by design that a password manager doesn’t allow you to reset your master password because if they could so could someone breaking into their servers or your account.

Theat Model: Home

The reason why it’s safe to write down your master password is due to the threat model. It’s less likely someone will break into your home and find your master password to your password manager. 

What is more likely is you forgetting your master password. 

Why Not Write Down All Passwords?

Yes, it’s true writing down all your passwords on paper and keeping that hidden in your home is more secure than a password manager. 

But that does not mean it’s better. 

People who write down passwords are more likely to reuse passwords. Password reuse is the worst thing you can do when it comes to passwords.

If you used the same password for your bank as you do for some random site, the password is only as strong as the weakest link. If that no name site gets breached so can your bank account.

Also, people are not good at coming up with random passwords. They’ll stick to kids or pets names. The problem is that many people have the same pet or kids names and use the same “?” or “123” appended to the password too. 

Curious to see if any of your passwords ever been in a breach before? Check out https://haveibeenpwned.com/Passwords. Wondering if you can trust that site? Check out my post here on it.

Unless you’re willing to give every account a genuinely random password and manually write them down then pen and paper is not the best way to store passwords. 

And for the few of you that use an algo or password system you created, please stop doing that, it’s not as clever as you think.

Digital Will

No one likes to talk about death especially if you’re young. It’s not fun, but it is something to consider. You never know what can happen and keeping a piece of paper hidden with the master password to your password manager can be super helpful in these situations.

Don’t just think about what if you pass, but what if you get in a coma or simply can’t use your tech.

A password manager can act as a digital will with all the keys to everything in your life. The mortgage, electric, and all other accounts can get paid on time. Your social media accounts can be shut down proper and not one day get breached to become a spam bot.

You don’t have to tell someone your master password but showing them how they can find it is what you should do.

Personal TidBit: It’s not the passwords to bills that are important but the passwords to the sentimental items like where they kept family photos and letters they wrote. That one little password could keep you from hearing their voice one more time or seeing the pictures they took to relive that day. Trust me, if you have someone you love write down that master password and keep track of all the passwords you use.

Some password managers like LastPass even offer emergency access. You set up beforehand who should get access to your account if something were to happen to you. The other person triggers access, and if you don’t respond to the repeated emails within the set time you set they get the account. Even if you don’t like LastPass, the accounts are free, and you could store the master password in it to another password manager that you use. Just an idea to consider.

Here is a great article from the New York Times about how important it is to have a backup plan for your passwords.

Other Options

You could even hide your master password in plain sight. I have a post here showing you how you could use a document or a URL as your master password.

Using a sentence or URL you made up is far more secure and easy to hide in plain sight. No one will be the wiser if they come across a list of URL or a document you wrote.

What Do You Think?

I’m curious to hear what others think about writing down your master password and keeping it somewhere safe. Do you use some special method to “hide” the password? Or do you think I’m crazy for recommending to write down any passwords?

I would love to hear your thoughts on this debate!

Need A Password Manager?

Here is our picks for password managers.

1. 1Password - Best all-around.

2. Bitwarden - Best free option.

3. Dashlane* - Best for new users as it holds your hands more.

4. Roboform* - Featured packed and been around the longest plus a free option. The only one with a bookmark manager which I've found useful lately.

*May receive a commission.

2 thoughts on “It’s Okay To Write Down Your Master Password”

  1. I’ve just come across your site and I’d hoped it would give me the confidence to formalise my ‘personal opinion’ and advice to my clients – that being – “Write down all your passwords”. Alas you fall short of my hopes and much of it stems from one phrase you use: –

    “People who write down passwords are more likely to reuse passwords.”

    This is simply not true. It’s nonsensical to suggest it is. The fact is people who DO NOT write down passwords are more likely to reuse the same one(s). People who write down their passwords have the freedom to create a different password for each instance.

    By way of explanation, I am an IT Trainer in a community learning centre typically dealing with the retired and over 50s. Probably the most common issue I’m confronted with is the user who seeks help because they’ve forgotten their password.

    Reply
    • I agree with what you’re saying, I even address it in the same section.

      Unless you’re willing to give every account a genuinely random password and manually write them down then pen and paper is not the best way to store passwords.

      The problem is that most people don’t create a unique password for every account. They stick with reusing the same password or making slight changes to it. People are bad at being random but password managers are not and this is what this whole post is about. I’m saying it’s okay to use a password manager and to also write down your master password to that password manager.

      I’m not against someone creating unique passwords for every account and writing them down but I also know people are naturally lazy and often revert to reusing the same or similar passwords. I cover more reasons why a password book is not as good as a password manager here… https://passwordbits.com/password-manager-vs-password-book/

      For your personal situation with dealing with the retired or anyone who is not the best with computers is a unique one. I’ve been dealing with the same and trying to figure out the best solution. Yes, writing down the passwords is a good option but the problem is the user making that password. I plan an article sometime in the future when I find a good enough solution for this type of user. It would be best to get this user to use a password manager and many of them do and love it but there are still a few that won’t.

      Reply

Leave a Comment