top of page

Password Management

Passwords are an unfortunate part of making use of the Internet. Picking a strong, memorable password is difficult. As a result,  there is a tendency to reuse passwords which is combined with the fact that our passwords are not as strong we think.

It is also a good idea to enable Multi-factor Authentication for any accounts where it is available, as this provides some additional safety should your password be exposed.

Using a password manager

A password manager is an application that means you only have to remember one password - the password that you use to unlock the password manager. All your other passwords are stored safely within the password manager.

The password manager can also take care of the primary human weaknesses involved in password management by allowing you to create unique, very strong passwords for every site that you need credentials for.


This does leave the problem of the single password that you need to unlock your password manager. This password needs to be both strong and memorable (sound familiar?). Ideally, one should pick a phrase, and mix in some punctuation and numbers. Password strength can be checked using this utility.

Writing down your master password and storing it in a non-obvious location is an option if it can be done in a physically secure manner, i.e. this is probably not your best choice for a shared office environment but may be acceptable for a home/home office context.

There are a number of password managers available both cloud based (1Password, Bitwarden, Dashlane) and those that can run locally on your workstation (KeepassX). If using a local solution, it is a good idea to backup the encrypted password file every so often.

Alternative to a password manager

For some users, a password manager may be overkill. For such use cases, a hard-copy book of passwords may be a solution. If the user has a physically secure environment (e.g. at home), storing passwords in a book which can be kept in a non-obvious location may be an option.

This does place more of a burden on the user to ensure that the password they is use is strong and that they do not reuse this. There are a number of online generators, such as this one. Again, the strength of these passwords can be validated using this utility.

bottom of page