Password Storage Done Right

Lets just review best practices for passwords:

1. Use a complex password. A complex password is one that doesn’t include dictionary words or common phrases that might be used in a dictionary attack. This is getting hard as previously uncommon phrases can become part of a new dictionary. Ideally use a random password.
2. Use a long password. This will help defend against dictionary attacks.
3. Don’t use the same password. Ever. This is because if the password is broken in one system, it can be used to log into the other systems.

Just to make things easier, I personally use a range of platforms so I’m looking for something that runs on:

• Windows
• OSX
• iOS

I’m not looking for something that integrates directly into the browser. I’m concerned that something that is directly integrated into the browser is too much of a target for attack. This knocks out using something like Chrome to store passwords, aside from the issue that it can only store web based passwords.

Password based services like LastPass are also an issue, given that someone cracking LastPass can then access your entire set of passwords. These systems are a huge target.

Best practices are to use a password manager. Syncing was once a challenge, but now with platforms like google drive and dropbox are far easier.

So I use:

1. KeePass2 – works on Windows
2. MacPass – works on OSX
3. KyPass3 – works on iOS
4. Dropbox – to sync them everywhere