What is the best way to store passwords?

A password manager such as Bitwarden, iCloud Keychain, or Google Password Manager. You remember one strong master password and the manager handles the rest securely.

How to Create and Store Passwords Safely

Q: Is it safe to write passwords down on paper?

It is safer than reusing passwords, but a password manager is better. If you do write passwords down, keep the paper somewhere private at home, never near your computer or in your wallet.

🔒 Privacy Policy

Last updated: January 2025. SecurityAnalysts.org is a free community service. We take your privacy seriously — especially on a security site.

What we collect

If you accept cookies, we use Google Analytics to collect anonymous usage data (pages visited, time on site, country). IP addresses are anonymised. We collect no names, emails, or personal details from analytics.

If you submit the contact form or a site suggestion, we receive the information you type. This is stored securely via Formspree and used only to respond to you.

What we never do

We never ask for your passwords
We never sell your data to third parties
We never use your data for advertising profiling
We never store payment details (support payments are handled securely by Ko-fi)

Cookies

We use one category of cookies: analytics cookies (Google Analytics), only if you consent. These are used to understand how many people visit and which guides are most helpful. You can withdraw consent at any time by clicking "Decline" below.

We also use a sessionStorage item (not a cookie) to remember language preferences and consent state within your visit.

Advertising

This site displays adverts served by Google AdSense. Google may use cookies to serve ads based on your prior visits to this and other websites. You can opt out via Google's Ad Settings.

Your rights (GDPR)

If you are in the EU/EEA, you have the right to access, correct, or delete any personal data we hold about you. Contact us at privacy@securityanalysts.org for any data requests.

Contact

Questions about this policy: privacy@securityanalysts.org

Part 1 — Creating passwords

What actually makes a password strong

Most people think strength comes from symbols and capital letters. In reality, length matters far more than complexity. A long passphrase is both stronger and easier to remember than a short, complicated password.

✅ Do this

Go long: 12–16+ characters minimum.
Use a passphrase: 4 random unrelated words, e.g. coral-storm-forge-maple
Make it unique: a different password for every important account.
Let a generator do it: use our Password Generator rather than inventing one yourself.

🚫 Avoid this

Dictionary words alone: "sunshine" or "football" get cracked in seconds.
Personal info: birthdays, pet names, kids' names — easy to find online.
Predictable patterns: "Password1!", "Qwerty123", or a word plus a number.
Small variations: reusing "Summer2023" then "Summer2024" next year.

Length beats complexity — aim for 12+ characters, ideally 16+.

A 4-word random passphrase is both strong and memorable.

Never reuse a password across more than one important account.

If you can remember it easily, a stranger might guess it too — when in doubt, generate it randomly instead.

Part 2 — Storing passwords

Where to keep them once you've made them

Creating a strong password is only half the job. If you store it somewhere unsafe, the strength doesn't matter.

✅ Best way: a password manager

Stores every password encrypted behind one master password. You only ever remember one thing.

Bitwarden — free, works on every device.
iCloud Keychain — built in, great for Apple users.
Google Password Manager — built in, simple for Chrome/Android.

See our full Password Manager Guide for help choosing.

🚫 Never store passwords here

Notes apps — searchable instantly if your phone is unlocked or your cloud account is hacked.
A spreadsheet or Word document — looks organised, but is plain text with zero protection.
Sticky notes near your computer — fine for home, risky in an office or shared space.
Emailing them to yourself — if your email is ever compromised, every password goes with it.
Browser-saved passwords — convenient, but only as safe as your device. Fine as a backup, not your main vault.

Pick one password manager and commit to it — switching constantly causes more risk than picking an imperfect one.

Make your master password the strongest one you own — it protects everything else.

Turn on MFA for the password manager account itself.

If you must write a password down on paper, store the paper somewhere private at home — never in a wallet, bag, or on a visible note.

Quick answers

Common questions

What makes a password strong?

Length matters more than complexity. Aim for at least 12–16 characters. A long random passphrase of 4 unrelated words is often stronger and easier to remember than a short password full of symbols.

Is it safe to write passwords down on paper?

Safer than reusing passwords, but a password manager is better. If you do write one down, keep the paper private at home — never near your computer or in your wallet.

Should I use the same password for multiple accounts?

No. If one site is breached, attackers automatically try the same password on hundreds of other sites within minutes. Every important account needs its own password.