There are tons of articles on the web about various tools that can help you securely store your passwords. These articles, however, are usually just a list of software programs that often offer just a short description of each tool.
In this article, in order to help you choose the right tool, I want to make you think about different approaches to storing passwords and the consequences of using them.
Online or locally?
When delving into the question of choosing a password storage system, you can come across two different approaches. Some tools allow you to store passwords online, while other tools store them locally on your computer. The choice depends on which approach you trust the most.
For example, several years ago, the OneLogin password manager was hacked. The developers said that hackers managed to gain access to database tables that contained information about users, applications, and various types of keys. Such attacks are not rare.
I certainly do not want to blame all cloud password managers, but I must warn you: if you choose an online password manager, your credentials could be stolen by hackers. At the same time, if you store your passwords locally, you also cannot rule out the possibility of a hack.
There is only one conclusion from this – your credentials are protected as much as the storage system you choose is protected.
Plain text or encrypted?
There is no choice here – storing passwords in plain text is not wise. It is advised to always use encryption. Most of the tools use AES-256.
Paid or free solutions?
If I think about choosing between a paid and a free password storage solution, I always conclude that paid solutions do not justify themselves. They do not offer anything special compared to their free counterparts. You can find many good free tools that will satisfy all your needs.
Standalone software or browser extension?
Basically, every web browser offers the ability to store passwords. For example, in Google Chrome, this feature can be found here: chrome://settings/passwords.
Many third-party tools are being offered as browser extensions. They are also convenient since they allow you to autofill web forms. However, please keep in mind that many malware pieces attack browsers in an attempt to take over your data. I recommend using a separate program for storing passwords only when you have strong cyber hygiene habits, and your computer is well protected.
All password managers offer an autofill feature. Yes, this is incredibly convenient as you do not need to enter many fields all the time. But from a security point, this feature poses a serious risk. During a phishing attack, hackers may use this feature, causing your browser to reveal your personal data.
The autofill feature can be exploited to steal credentials and other data. Hackers can collect data using invisible forms. When a user fills out a form, for example, by entering only the email address, the browser will fill in all other forms with all credentials automatically, even if other forms are not displayed on the screen. So, think about turning off the autofill feature in your browser settings.
In the end, it is a good idea to simply store the encrypted text file and choose a strong password for it. This is the simplest solution that does not require the installation of special software.