5 Reasons Why Keeping Your Passwords In Notes or a Document Is a Bad Idea

Many people keep their passwords in a note or a Numbers or Pages document. This is a bad idea, but not for the reason you probably think.


Comments: 27 Responses to “5 Reasons Why Keeping Your Passwords In Notes or a Document Is a Bad Idea”

    Steve Mishket
    6 months ago

    Gary, that is very good advice and I would like to switch over but I have 75 or 100 passwords that currently exist. How do I go to each one to change it to the randomly generated computer password?
    Steve Mishket

    6 months ago

    Steve: Start with the most important sites. Go to them and change your password. When you do, it should prompt to save that password in Safari. Check to make sure it is saved. Then move on to the next.

    Steve Mishket
    6 months ago

    Thanks, I was hoping there would be a quick and easy way to do it. I should've known better.

    Steve

    6 months ago

    Steve: If there was a quick and easy way to change 75-100 site passwords like that, it would also be very dangerous if you think about it.

    Bill Hanrahan
    6 months ago

    Gary, doesn't use of a randomly generated password pose potential problems when attempting to login to a site using another computer besides the Mac that generated the password? That's what's always kept me from using generated passwords, but maybe I'm misunderstanding this. If I can get past that issue, I'd be all in on using generated passwords.

    Bill

    6 months ago

    Bill: Do you mean another one of YOUR computers? If so, then you can use the same password manager to log in. For instance, if you have two Macs, then iCloud would allow you to access your passwords on both since you'd be signed into the same iCloud account.
    If you mean another computer that IS NOT YOURS, then it SHOULD be harder to log in. If it is easy to log in, that means it is easy for someone else to log in as well. You should have to work hard to enter in a long random password in that case. Otherwise, it means your security is too weak.
    If you want to make it easy to log in by having a weak password, then expect to have your accounts compromised very soon.

    Steve Jarrell
    6 months ago

    Hi Gary, what if the other computer I have is a Windows computer? Is there a way for me to access my Apple password manager on there also?

    6 months ago

    Steve: If you have a mix of Apple and non-Apple, you should use a third-party password manager like 1Password or LastPass.

    Ian Maitland
    6 months ago

    I use a password manager but apps can and do go wrong - recently my Apple Contacts list deleted itself! If the password manager did this I would be in a mess.
    So I keep a back up list of passwords - password protected ! With a hard copy in a safe.
    Another concern is the random password generated by a password manager - it is difficult to record this in a separate document as a back up.
    I like the protection of a password manager when logging onto a site, and generally log on this way.

    Adrian Hayes
    6 months ago

    Gary - Thoughtful and useful guidance as usual, thank you. I have an iMac, iPad, and iPhone and use apps across all three, including my phone when abroad. Can I get all three looking at one Password Manager, or do I have to change passwords one device at a time? Thank you for your weekly newsletter - always read and appreciated.

    6 months ago

    Adrian: If you use the same password manager, they should work across all three easily. The built-in Apple password manager does, as long as they are all Apple devices.

    Derek McCalden
    6 months ago

    Gary. I do use a Passport Manager but must admit I still keep a record on file (suitably protected). I always have the niggling thought that, the server holding my passwords online, could crash and then how would I get into all my password protected accounts. I suppose I would have to use the 'forgot password' for each account.

    6 months ago

    Derek: As I mention in the video, it is fine to do a backup like that. Many passport managers (all?) have a way to export to a file for this reason. It is doubtful that a server crash will mean you lose your passwords as any company doing this would have backup procedures probably way better than any of us do at home.

    Becky
    6 months ago

    Why won't the most important credential of all -- Apple ID with password -- not be usable with Safari password manager?

    6 months ago

    Becky: It is. If you go to iCloud.com you can use the built-in password manager to log in. But outside of that your Apple ID is one of two ways to get into your account (account password the other one). So it is kind of like keeping your house key IN your house.

    Roger S
    6 months ago

    What sort of password would you recommend to gain access to your Mac (mini)? Other devices have Face ID or fingerprint to access, so is the Mac the weakest link? If the log in is guessed, they would have access to all Keychain data would they not?

    6 months ago

    Roger: Right, so it should be strong, unique and random. Since you'll be typing it all of the time, you'll quickly memorize it and be able to type it quickly. It is one of probably only two passwords you'll need to memorize, the other being your Apple ID password. Newer Macs have Touch ID or can come with the Touch ID keyboard, so things will be getting easier in this respect. Those with Apple Watches can use them to unlock as well.

    Mark
    6 months ago

    Thanks for a very useful and insightful conversation about the password manager built-in to Safari. I don't believe I really ever understood it to be a manager in the same way that third-party ones are (like 1Password). You've sold me on going back and, over time, converting all my passwords to strong, random ones, which will be managed via the manager. This is the sort of thing I really do enjoy about being in the Apple family of products.

    Jasper
    6 months ago

    I have to log in to machines in lecture theatres, then into web systems or OneDrive. They are not mine and don’t have my pass manager onboard. I have to use non-random passes here and remember my iPhone for TOTP.

    6 months ago

    Jasper: I would still use random passwords there. So it takes 4 seconds to type it instead of 2. Worth it. Like locking a door deadbolt when you leave the house. You could save some time by not locking it. But is it worth it?

    Jasper
    6 months ago

    Typing is no problem, it’s memory!

    The few passes that I have to run like this are still fairly strong. I tend to use long, non-words that make some kind of sense to me and won’t be in a dictionary and aren’t something publicly connected to me. eg “YltlmlycmIshthn-a125” is the initial letter of an Otis Reading song followed by a (fictitious) door code that only I know.

    6 months ago

    Jasper: With a password manager you don't need to worry about that. You can use random passwords because you don't need to remember them. That's much stronger than your method

    Hubert
    6 months ago

    Hi Gary! I have been a long time user of Firefox. Should I wish, at one stage, to switch to Safari, will the auto generated paswords used in Firefox be picked up in Safari or would i have to start again?

    6 months ago

    Hubert: Firefox (I assume) is using its own system. Or are you using a password manager like 1Password or LastPass? If a password manager, then just install the extension in Safari and you should be set. If some Firefox thing, then you have to "start again" but that isn't as bad as it sounds. The first time you log on to a site you'll need to go back to Firefox to copy the password. But then when you enter it in Safari, it should prompt you to record that password there. Then after that it knows the password. So you just do that once per site.

    Adrian Hayes
    6 months ago

    Sorry if this is a really stupid question. I am now sold on the idea of using the Apple Password Manager, but how do I get it to leap into action? I have been to a website, logged in, gone to change my password, but PM has not suggested a new word or indeed even put up the "key" symbol to click on. I have manually added the website and password to Safari Password, but again, returning to the website does not prompt any log in assistance. Do I have to tell Safari to start using Passwords?

    6 months ago

    Adrian: It should do it automatically. Check in Safari, Preferences, Autofill to make sure you have't turned something off. Then look for the key icon on the right side of the ID field on a site. Of course any site can obfuscate their ID and password fields so the browser doesn't know what they really are. So maybe the one site you tried had some poor code?

    Adrian Hayes
    6 months ago

    Gary - Your status as genius is confirmed! Auto fill was completely turned off. Many thanks.

Leave a New Comment Related to "5 Reasons Why Keeping Your Passwords In Notes or a Document Is a Bad Idea"

:
:
:
0/500 (500 character limit -- please state your comment succinctly and do not try to get around this limit by posting two comments)