Password Book: Risky or Rational?

Written by Sam Jones
Jan 10, 2022 - 4 minute read

Password book or password manager? With credential breaches happening left, right and centre - where are your passwords most secure?


When you’re told you need a unique password for every site, app and device you use, it’s no surprise you’d be wondering how to keep track of them all. 

While many have turned to digital solutions like password managers, others have reservations and would much rather stick to old-fashioned methods like writing them down on paper.

Let’s take a look at the kinds of situations where a password book might be a handy thing to have around and others where password managers are the preferable option for password management. 

Password Book Pros

Let’s be honest, we’re not all technically minded, and when you’re used to remembering important things by writing them down, that’s going to be your go-to option. This is the case for many elderly people.

The alternative password manager solution seems overwhelmingly complicated and will be yet another piece of kit you have to teach yourself to use - so why not stick with simple paper and pen? 

A book that anyone can open doesn’t seem particularly secure, but attempting to steal someone’s hard copy is way too much effort for a hacker. From a physical risk perspective, you can be pretty confident you won’t have your password compromised as long as you keep your password book in a safe place.

Remembering a huge selection of passwords is tough for anybody, and many will try to get around this by using the same password for everything. This is of course a huge security risk, because if one account is compromised, all your others are immediately at risk. 

At least with a password book, you have pages and pages to come up with unique passwords, making your internet presence a lot safer - right?

Password Book Cons

The problem isn’t so much storing your passwords in a physical book, but actually coming up with all the passwords yourself. Even if you’ve moved past the ‘one password fits all’ stage and are noting down unique passwords, most of the time these are still pretty weak, or just variations of your other passwords.

We tend to generate passwords in a rush, thinking of something easy that we can relate to, and perhaps adding a memorable date like a birthday at the end. Creating a password is a chore, a barrier to the action you’re trying to complete. It’s not particularly surprising then that these passwords are so easy for hackers to crack. 

Enter the Password Manager…


A password manager is essentially your own digital password book. It will hold all your passwords in a special vault, usually only requiring one master password to open that vault. 

But the power of the password manager doesn’t stop there. Most password managers will generate strong passwords for you, so you no longer have to come up with passwords like fn5Nj2&nd0+ to protect your account. Password managers will even auto-fill your passwords when you’re logging into accounts, so you don’t have to lift a finger. You’ll also get the advantage of cross-device syncing with most managers.
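To put numbers on the gap between the rushed "something familiar plus a birthday" password described earlier and a generated one, here is an added example (not from the original article or any password manager's code). It generates a password with Python's `secrets` module, flags the word-plus-date pattern, and gives a rough guessing-effort estimate. The symbol set, the 100,000-word list size, the 100-year date range and the sample password `Rover140289` are all assumptions made up for illustration.

```python
import math
import re
import secrets
import string

# Constructed character set: letters, digits and 13 common symbols (75 in total).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def generate_password(length=16):
    """Draw from the OS CSPRNG; redraw until all four character classes appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

# Letters followed by a digit run shaped like a date: DDMM, DDMMYY or DDMMYYYY
# (day and month accepted in either order).
WORD_DATE = re.compile(r"^[A-Za-z]+(\d{2})(\d{2})(?:\d{2}|\d{4})?$")

def is_word_plus_date(pw):
    m = WORD_DATE.match(pw)
    if not m:
        return False
    a, b = int(m.group(1)), int(m.group(2))
    return (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31)

def estimated_bits(pw, wordlist_size=100_000, years=100):
    """Rough guessing effort in bits (an upper bound, not a guarantee).

    Word+date passwords count as one dictionary word times one calendar date
    (wordlist_size and years are assumptions). Anything else is scored as if
    every character were drawn uniformly from ALPHABET, which only holds for
    generator output, not for other human-chosen passwords.
    """
    if is_word_plus_date(pw):
        return math.log2(wordlist_size * 366 * years)
    return len(pw) * math.log2(len(ALPHABET))

if __name__ == "__main__":
    # "Rover140289" is a constructed sample; "fn5Nj2&nd0+" is the article's example.
    for pw in ("Rover140289", "fn5Nj2&nd0+", generate_password()):
        print(f"{pw:18} word+date={is_word_plus_date(pw)!s:5} ~{estimated_bits(pw):.0f} bits")
```

Under these assumptions the word-plus-date password comes out at roughly 32 bits of guessing effort, against about 69 bits for the 11-character example in the article and about 100 bits for a 16-character generated password.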

So why doesn’t everyone have a password manager?

With all the convenience that comes with password managers, you’d think they would be a no-brainer. Truth be told, lots of people are still a bit hesitant about trusting a digital tool with their precious passwords. One survey found 65% of Americans weren’t sure about using password managers. At the end of the day, it can feel a lot safer writing passwords into a book that you can physically hold onto and put somewhere discreet.

The distrust of password managers is primarily due to people not really understanding how they work. Many are concerned that if their passwords are being generated by a password manager, the company that owns it may be able to access all that information. 


However, password managers operate a zero-knowledge policy to avoid this. User data is encrypted, so although the password manager tool knows your passwords, the humans that built it have no way of discovering them. You alone hold the key to your vault. This does mean that you need to remember your master password, or you’ll have to try and access all your accounts individually. Some password managers on the market are getting around this now, however, with things like biometric logins, which are a lifesaver.

Of course, there’s always the possibility that the password manager you choose to use gets hacked, as they do make attractive targets for cyber criminals. This is a valid concern, but password managers are aware of this and keep up strong layered defences, often including military-grade encryption, so your passwords are very secure.

There are some clever methods if a password manager hack still worries you. For example, adding a few more characters to the end of the password stored in your vault can be a good way of giving specific accounts a little bit more protection, especially your important ones like banking and email.

In conclusion…

At the end of the day, you will never achieve 100% security when it comes to passwords. Password managers have a lot to offer in terms of convenience and efficiency and are far superior to the password book in this respect. However, using a password manager may not always be the best choice. You would be well within your rights to be apprehensive about leaving bank and email account passwords with a password manager, because if these got leaked, the damage would likely be a lot worse than with an online account that holds very little personal information. In these highly sensitive cases, a password book may be a suitable alternative, but it’s also wise to enable multi-factor authentication on these accounts for added security.

With things like biometrics now a popular method of accessing our accounts, we could well be on our way to a passwordless future - but for now, the best thing you can do for your online security is to use strong passwords, enable MFA, and think carefully about the value of passwords you’re storing - be that in a book or online manager - before you decide on the best place for them!
