Is it safe to write down your passwords?

Is it safe to write down your passwords?

Nick Summers by Nick Summers on

Very few people can memorize all of their passwords – especially if they’re using unique ones for each account. Many solve this problem by embracing a password manager like 1Password, while others turn to pen and paper. The latter could be a tiny notebook, a whiteboard on their office wall, or an array of sticky notes attached to their PC monitor.

We hear two questions a lot: Is it safe to record your passwords in an analog format? And, what are the benefits of switching to a password manager?

The short answer to the first question is … yes, pen and paper can be a secure way to manage your passwords. But that doesn’t mean it’s the best way to protect your accounts and stay safe online. Read on to learn why.

Is it really that bad if I write down my passwords?

Grabbing a pen and writing down your passwords isn’t necessarily insecure. It depends on where you keep the object (your notebook, whiteboard, etc.) that contains your passwords, and the likelihood that a criminal will stumble upon it.

For example, let’s say you have a dedicated password notebook that never leaves your home office. It’s unlikely that a cybercriminal will:

  1. Decide to target you specifically
  2. Discover where you live
  3. Travel to your home, or pay someone to travel on their behalf
  4. Find a way to break into your home
  5. Locate your notebook
  6. Escape and flee the crime scene without being spotted or caught by law enforcement

Why? Because such a heist is neither cheaper nor time effective.

Instead, most criminals will use a range of tactics that don’t require them to leave their computer. They’ll try to sign in to your accounts with common passwords like 1 2 3 4 5 6 and q w e r t y . If that doesn’t work, they might check if any of your passwords have leaked online as part of a data breach. Or try to trick you into sharing your account details with a fake phishing email.

So a notebook is pretty safe, right?

Well, consider this: What happens when you leave your home? If you carry a password notebook in public, there’s a slightly higher chance that its contents will be seen by a criminal. Someone in a cafe could theoretically look over your shoulder and memorize one of your passwords, for example. You could also lose your notebook, allowing it to fall into the hands of a stranger, and thus giving them the virtual keys to all your online accounts.

The real problem with writing your passwords down

There’s an even bigger issue with “analog” password management: It’s a really inconvenient way to record, retrieve, and use strong passwords. And when we say “strong,” we mean the kind that would be almost impossible for a criminal to crack with a brute-force attack.

The reality is that very few people want to write down 100 different passwords like M # A ] E ? v X W Q @ E s 8 E i G J d = . (So boring.) Even fewer have the time or patience to type them out every time they want to sign in to one of their accounts.

Instead, most people either:

  • Use short passwords
  • Reuse the same password, or just a handful of different passwords, for all of their accounts.

Short passwords might be faster to type out, but they’re also easier for a criminal to crack with a brute-force attack. If the password is common or predictable, like n i c k s u m m e r s 1 2 3 or f a c e b o o k , a criminal can also discover it with a dictionary attack, which focuses on recognizable words and passwords recovered from past data breaches.

Reusing the same password isn’t a good idea either. It may be convenient – you only have to write it down once, and don’t have to leaf through dozens of pages to find what you need – but it also makes you vulnerable if that one password is ever exposed in a data breach.

Imagine you signed up for a new social network called CoffeePals. Then, six months later, the service was breached and every user’s email address and password was leaked online. If you use the same credentials for everything, a criminal might be able to use your leaked CoffeePals password to access some of your other accounts.

So here’s the bottom line: Jotting down your passwords isn’t necessarily insecure, provided you ensure that no one else has access to the place or object where you’re storing them. But, physical media makes it difficult to use strong, unique passwords – which is why it’s not the best way to keep your data and accounts safe.

Why a password manager is better than writing down your passwords

By now you might be thinking: Okay, I’m ready to ditch all of the password-related sticky notes on my PC monitor. What should I be doing instead?

The simplest way to create, remember, and use strong passwords is with a password manager like 1Password. Here are just eight of the many reasons why it’s worth making the switch:

  • It will generate strong, unique passwords for you. 1Password suggests credentials that are incredibly difficult for a criminal to guess or crack with a brute force attack.
  • It can store an unlimited number of passwords. You can run out of paper, but you’ll never run out of storage with a password manager like 1Password.
  • It will type out your passwords for you. 1Password lets you sign in to sites and fill forms securely with a single click.
  • Your passwords are always by your side. 1Password works on all of your devices and every major web browser – so you can access your passwords anywhere, anytime.
  • It’s safe to use. 1Password’s security model is carefully designed to not rely on any single point of failure. To decrypt your data, a criminal would need your account password, an additional encryption ingredient known as the Secret Key, and the encrypted vault data itself. (Learn more about our security model.)
  • If you lose a device, it doesn’t mean you’ve lost your passwords. Dropped your phone in the toilet? You can always set up and sign in to 1Password on another device. A notebook, meanwhile, is gone forever unless you’re prepared to make multiple physical copies.
  • 1Password can store and autofill more than just passwords. It also handles credit and debit card numbers, addresses, passport information, and so much more.
  • It will tell you when any of your passwords need changing. 1Password’s built-in Watchtower will highlight weak and reused passwords, and alert you if any of your credentials appear in a known data breach.

So long, paper

Yes, it’s possible to use a whiteboard, sticky notes, or a notebook securely. But that doesn’t mean any of them are the best way to record and retrieve your passwords.

If you feel like you’ve outgrown the physical medium, you’re not alone. 1Password is for people who want to sign in and protect their online accounts without any hassle. If you’re one of these people, make the switch and sign up for a free 1Password trial today. You won’t regret it.

Read our beginner's guide to cybersecurity

Want to learn more about how to stay safe online? Read our beginner’s guide to cybersecurity, which covers passwords, software, hardware, connectivity, and more!
Read the guide

Content Marketing Manager

Nick Summers - Content Marketing Manager Nick Summers - Content Marketing Manager

Tweet about this post

Continue Reading