8 of the most dangerous places to store your passwords in

8 of the most dangerous places to store your passwords in

Password best practices dictate that users create a unique and complex password for each of their online accounts. For a password to be considered strong, it has to have 12 or more characters composed of mixed-case letters, numbers, and special symbols. Ideally, this combination must also look random and not read like a predictable word or phrase.

But as the average person has around 90 online accounts, following these guidelines means creating and memorizing just as many passwords — definitely a tall order. Many people cope by keeping copies of their passwords in convenient but insecure ways and places. Unfortunately, these storage methods often make credentials easily accessible not just by their owners, but also by cybercriminals. In this blog, we'll discuss some of the worst ways to store your passwords and what you should do instead.

Where should you never store your passwords?

Here are some of the most dangerous ways and places to keep your passwords:


It can be tempting to send an email containing your passwords to yourself. The email is saved on at least two folders (your inbox and sent items) unless you delete them, so you always know where they are.

However, many email platforms send messages in an unencrypted, easily readable plain text format. Encryption is crucial because it scrambles your messages, making them unreadable to unauthorized parties.

Should cyber criminals intercept your message as it is transmitted between your end and the email platform's servers, your passwords will be readily exposed. And even if the email was encrypted, hackers only have to break into your email account to access your passwords.

Web documents

Using online document platforms like Google Docs and OneDrive as repositories for your passwords is a bad idea. As these services are optimized for readable content, some of them do not encrypt text.

Even when encryption is available as an option, it's not always turned on by default. This means that stored passwords in these platforms are available to anyone who gains access to the right document.

Text files

Another common way for people to store passwords is by creating a text file on their computer using apps like Notepad on Windows PCs. Users can protect the file by encrypting it, but many don't know how to do this, and some of the ones who do know don't do so. Some place the file in an obscure location within the computer, but this method is hardly foolproof.

Instant message

Many instant messaging apps, such as Facebook Messenger and Snapchat, were designed for private conversations, so you may think they're secure enough to hold your passwords. Unfortunately, these apps usually stay open and do not require you to log in every time you use them. All hackers need to do to steal your passwords is to get ahold of your phone and open your messaging apps.

Your desktop background

Using your passwords as your desktop background ensures you never lose sight of your login credentials when you use your computer, but it's also a very risky move. Anyone who happens to look at your screen at the right moment will easily find your passwords. This is especially dangerous if you step away from your device and forget to lock your computer.

Working exclusively in the office doesn't make you any safer either. Insider threats are among the biggest cybersecurity risks and may include your colleagues and superiors, people who have plenty of opportunities to glance at your computer screen.

Another device without a password

Non-password-protected devices like external hard drives and flash drives are prone to theft and other physical risks. If these devices contain copies of your passwords, all it takes is for someone to find and pick them up to have access to all your accounts.


Writing down your passwords on sticky notes and notebooks is no better than using digital documents, as these are very easy to steal and copy. What's more, paper is extremely vulnerable to damage, so you're likely to lose your credentials anyway even without the involvement of cybercriminals.

Your friend's memory

Even if you trust your friends with your life, you shouldn't entrust them with your passwords. Human memory is fallible, and if you can't remember all your passwords, chances are your friends won't either. Or worse, they may end up sharing your credentials — whether inadvertently or voluntarily — with malicious parties.

What's the safe alternative?

The best way to safely generate, store, and keep track of your passwords is to use a password manager app like LastPass. A password manager encrypts your passwords and stores them in a vault locked behind a master password, as well as advanced protective measures like multifactor authentication.

You can register your online accounts with the password manager. The app automatically inputs your credentials when you log in to a registered account. This way, you only have to memorize your master password to be able to access your online accounts.

Passwords are crucial to cybersecurity, so you need to store them properly. If you want to maximize the security of your online business accounts, the IT experts at Fidelis can help. Our team can get you started on password managers like LastPass and help you ensure that your company is following password best practices.

Discover other cybersecurity solutions you need to implement by downloading this free eBook today.

For many businesses, complying with the GDPR’s specific data security and privacy requirements may sound daunting, but it doesn’t have to be. Our eBook Navigating the Data Privacy Labyrinth: A Guide to GDPR Compliance can simplify your compliance journey.GRAB YOUR FREE EBOOK HERE!