Passwords keep our valuable data secure—but in the wrong hands, they can spell disaster! In a world where nearly everything happens online, passwords are the last line of defense. Think banks accounts, social media accounts, sensitive company data, or delicate personal information. Failure to properly keep track of passwords leaves you vulnerable to hackers.

But let’s face it: keeping passwords organized is easier said than done. The average person has dozens of online accounts—each requiring a username and a password. And on top of demanding a password, most sites also have different multi-factor authentication methods and character requirements. Although the underlying goal is to safeguard your data, they may prove to exuberate the challenge of passwords management.

You’ll find users with an increasingly long list of varying passwords—some unique combinations of random characters and others wildly-modified version of the same password. Unless you have an eidetic memory, remembering all your passwords is nearly impossible—especially if you use unique combinations each time.

But just because keeping track of passwords is an uphill battle shouldn’t be an excuse to sacrifice your online security. Your data is worth more than you assume—and there are malicious people ready to pounce on the slightest chance to breach your accounts. So, what’s the solution? Read on for the best way to keep passwords organized.

Why You Should Keep Track of Passwords

Market data shows that people are surprisingly reckless when it comes to their cybersecurity. According to a survey by Pew Research on password management and mobile security, a significant number of Americans store their passwords on handwritten lists or memory.

Over to Britain, the UK’s National Cyber Security Centre (NCSC), millions of people use the same passwords for nearly all their logins. Believe it or not, the top 5 passwords in breached accounts were 123456, 123456789, “qwerty”, “password” and 1111111. In other words, unsecured passwords are a real problem around the world.

A strong password creates a fortress against unauthorized access to your online accounts and physical devices. The importance of a good password is even more pronounced for businesses. In addition to protecting mission-critical data, passwords also safeguard clients’ information stored in the organization’s systems.

But since most small businesses don’t have a dedicated cybersecurity team, they tend to fall in the crosshairs of hackers—i.e., they are easy picking. According to the Data Breach Investigations Report by Verizon, small businesses accounted for 43% of all data breached in 2019. Don’t be part of the “breached” statistics! Take proactive action to improve your cybersecurity. But how? Here’s how to keep track of passwords safely.

 

Best Way to Keep Track of Passwords and Usernames

The good news is that there are various secure ways to organize passwords. The options range from keeping track of passwords in Excel, using password management software, to scribbling on a paper (but take extra caution with the latter). The best tool for organizing and managing your passwords/usernames largely depends on the volume of passwords, personal needs, and the number of users.

Keep Track of Passwords in Excel

One simple, yet remarkably effective (if done right) way of organizing passwords is to use encrypted Excel worksheets. All you have to do is Google “Password log Excel template” or “Spreadsheet templates for storing passwords” and choose an Excel template that suits your needs.

Alternatively, you can easily create a customized password log from scratch. Just categorize the spreadsheet into relevant columns to capture the data—including the specific account, your login username, the password, and maybe some comments or hints.

After entering your data, the next—and arguably the most important—step is to lock the document with a secure master password. Failure to do this would leave you more exposed than before. It’s like putting all your eggs in one basket and leaving them out in the open.

To secure your all-important Excel file, open the “File” menu. Navigate to the info tab and click on “Protect Workbook.” You’ll see an option to encrypt with password. After you’ve chosen a strong password (more on this later in the article), confirm it and you’re done! Your Excel file and all your important passwords are now safely organized and secured with a hard-to-crack master password. Whenever you attempt to open the file, you’ll be prompted to provide the password.

The next step to keep track of passwords in Excel is to store the document in an easily accessible but secure location. Consider cloud services such as Google Drive or Dropbox for convenience. And NEVER save your file as “passwords.” You might as well announce to hackers that “my passwords are here and I’d like you to attempt breaching the file.”

The best thing about keeping track of passwords in Excel is that you don’t need to be an IT expert. A basic understanding of spreadsheets will suffice.

Keep Track of Passwords with Password Management Software

There are a host of database applications and password management services that can help you keep passwords organized. They function as digital vaults—gathering all your critical data and keeping it safe in highly encrypted formats.

Instead of having to remember a truckload of complicated passwords that contain all kinds of symbol and Caps variations, you only have to recall one hyper-secure password. Your data is often synchronized across PDA platforms and desktop components to ensure your information is available as and when you need it.

Some of the most popular platforms include DashLane Premium, LastPass, and 1Password. Finding the best app come down to your personal needs and preferences—including the ease of use, cost, or user reviews.

Keep in mind that while some password management services are free, others may demand paid subscriptions. But considering the amount of risk you’re exposed to by not having a secure way to organize your passwords—I’d say this is money well spent.

How to Keep Track of Passwords with Paper-Based Systems

Although digital is the future, some people tend to be reluctant with electronic password management solutions. If you fall into this category, you need to learn the best practices to facilitate the security of your passwords. Here are a few tips to leverage paper-based systems without sacrificing security:

  • Never label your notebook or password-containing card with phrases that suggest it’s a password keeper.
  • Written password should never be stored/placed anywhere visible or easily accessible.
  • When writing down passwords, avoid using the full characters. Use hints that only you can figure. For example, if one of your passwords is “24rEx2013,” you may use a hint like “date+dog+year” instead of the actual password. This acts as a precautionary level of security in case someone accesses your password keeper.
  • In addition to using hints, consider shuffling the list is a specific sequence that’s only known to you. For example, you can invert the list – i.e., the password to the first username is placed at the bottom of the list. The idea is to “code” your data—making it intentionally difficult for unauthorized people to make sense of the information.

Here’s How Hackers Steal Your Passwords

How do unauthorized individuals crack passwords when you (the actual user) can’t even recall them yourself? The truth is that cyber-crime is a major and persistent thorn in the side of global security. Trends show that cybercriminals adapt at an outstanding rate—constantly finding or developing new ways to target victims.

Did you know that hackers try to breach a computer every 39 seconds? This is according to a study by the University of Maryland—which also points out that non-secure passwords and usernames are the main risk factors. Even more concerning, the FBI and several cybersecurity companies have reported a 300% increase in hacking attacks since the COVID-19 crisis.

So, which techniques do hackers often use—and how do you password organization habits play into all this?

  • Brute Force Attacks

This is the oldest trick in the book. A hacker methodically guesses all the likely combinations of a password until one checks out. As you can imagine, this is a labor-intensive process and the odds of succeeding are low—unless the cybercriminal knows you on a personal level. Rather than guess the passwords manually, hackers use specific tools that can process millions of login attempts. This is where weaker passwords fail—as they’re easier/faster to steal.

  • Password Leaks

Time and again, disturbing news emerge of a company that was hacked—and user passwords/records leaked. Examples of major players who have been on the receiving end of password leaks include Adobe, LinkedIn, eBay, Canva, UnderArmour, Dubsmash, and Yahoo. In the case of Yahoo, the company announced a breach that affected 3 billion accounts—making it the largest hack attack in history.

If the hacked records are leaked and a cybercriminal gains access to your account, he/she can try to tap into you other accounts—hoping you reuse your passwords. This highlights the risk of using one uniform password across all your accounts.

  • Phishing

Phishing is a cybercrime that takes advantage of human nature. The general idea is to trick an unsuspecting user into revealing sensitive information such as credit card details or login credentials. A common tactic used by hackers is disguising their malicious apps/websites as legitimate services.

Any information entered in the disguised website is sent to the cybercriminal—who then freely accesses your private accounts. Based on the fact that it exploits an inherent vulnerability is our psychology, anyone can be a victim of phishing attacks. The best way to safeguard your sensitive information is by learning how to identify misleading apps and websites.

  • Keyloggers

For those who manually type their passwords every time they log in to a service, keyloggers may pose a serious threat to your cybersecurity. These are malware that run in your computer’s background—collecting data on your key presses. This information is sent to a hacker who then users your typing heat map to guess your passwords and steal credentials. Since a keylogger can run virtually undetected, it’s important to invest in a robust anti-virus program.

  • Post-Exploitation Tools

A data breach means that the flaws in your system have been identified—and the cracks exposed. Hackers use post-exploitation tools to dig deeper into your system and harvest all the information they can. They often work fast to fully exploit the hole in your system before you enforce security measures.

Tips to Create a Good Password

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.”

Clifford Stoll

As part of learning how to keep track of your passwords and usernames, it’s important to have a strong password in the first place. Here are a few password best practices to improve your cybersecurity.

  • Make it Unique: Reusing passwords across different platforms, apps, and websites is one of the worst mistakes you could make as an individual or small business. It exposes you to all kinds of malicious attacks by hackers. Always make each login credential unique—even if it’s for short-term services. There’s always a risk that you may provide important credentials in one of these “insignificant” services.
  • Keep it Long: The longer your password the better its odds of weathering a brute force attack. Stringing a number of words together—maybe 16 or more—makes your password exponentially more secure. For example, a long phrase such as “offersadviceasheronkeepthebestwaystotrackofpasswords” is quite hard to crack, yet easy to remember if you intentionally randomized the combination.
  • Randomize: Try and use a random combination or string of phrases whenever you create a new password. Steer clear of common phrases such as the name of your children, pets, anniversaries, or birthdays. With a thorough internet search and a few malicious tools, a hacker can gather enough personal enough to hacks these common phrases. Alternatively, you can use a trusted password generator to shake things up some more.
  • Update: Whether you’ve received a notification of a data breach or not, it’s advisable to update your passwords every few months—or immediately if you suspect a leak. This is an important safety measure to keep your credentials safe in case the login service was breached.
  • Be Wary of Sharing Sensitive Credentials: Anyone with access to your passwords is one more target for hackers—and additional risk to you. For this reason, always avoid sharing your credentials with anyone unless it’s absolutely necessary. Some multiple users may even update the passwords—locking you out of your own accounts.

Secure Your Passwords! – The Time-Bomb is Ticking

The next cyber breach is around the corner! And it’s up to you to make sure you’re not the next victim. In a digital world where hackers are evolving at an astonishing rate, it’s crucial to safeguard your login credentials using the best password management practices. This includes creating strong passwords and learning how to keep track of passwords safely.

A few minutes of your time to set up a password could save you from years of losses due to data breaches. And if recalling these credentials is a challenge, consider using some of the best ways to keep passwords organized—as highlighted in the article. It may either by a paper-based system, Excel spreadsheets, or password management software.

For more on how to navigate the ever-changing cybersecurity landscape, detect malicious attempts, and secure your mission critical data, reach out to Asher Security today. We leverage years of experience and the best practices to protect Minnesota businesses from cyber-attacks and hackers.

 

7 Ways to Improve Your Cybersecurity Reporting to Executives and the Board of Directors

A guide for cybersecurity leaders that will help you gain the reputation of a solid leader, while preventing you from making the mistakes I made when I was projected into reporting. This guilde will equip you and remove the stress and anxiety so that you can be clear and bold in your opportunity to prove you're the right person for the role, and your plan is on track!

You have Successfully Subscribed!