You’ve heard the advice before about good password practices: Use a combination of uppercase, lowercase, numbers and special characters. Don’t use common words (especially “password”). Change your password regularly. Use a different password for every login.
You follow them as best you can. Maybe your company even has the policies enforced so you must follow them. But it gets hard to remember all those weird passwords. So, you start writing them down. Maybe it’s an Excel file saved on your desktop. Or emails you saved in a folder in Outlook. Or a piece of paper under your computer.
Stop doing this. Right now.
Keeping your passwords in an unsecured location negates all those other good password practices you are following. Often when you experience some sort of data breach, it's a hacker getting into one system (like your email) - not everything at once. But they can use the information they find there to access other systems.
It doesn’t make much difference if you’ve used a different password for your different logins if someone is able to access your email and you’ve emailed them all to yourself. Or if they are able to access your file storage and find your Excel file called Passwords.
What to Do Instead
You should still use a different, complex password for every login. This doesn’t mean you have to memorize them all. There are better ways:
Use a Password Manager
Password managers, like LastPass and 1Password, store all your passwords in a secure location. Think of it as a vault for your login information. You'll only need to remember one password to log into your "vault." We strongly recommend finding and using a password manager with multi-factor authentication to add an additional layer of security.
Many password managers have additional features to help you come up with more secure passwords and access them easily once you're logged in. Look for a password manager with features like password generation (with the option to set specific parameters like character length and what kind of characters it should include), mobile and desktop apps, browser plug-ins, and multi-factor authentication.
PCMag has a comparison of some free options on their site.
Use Single Sign-On with Azure
If your company has Windows Azure Active Directory (AD), you may be able to set up (or get your IT company to set up) single sign-on, allowing you to sign in to multiple services with one username and password. Microsoft has a quick overview video here.
The obvious advantage here is, like using a password manager, you'll only need to remember one login and you won't need to keep a list of passwords for different services.
The catch here is that it can only be used for apps and services connected to your Active Directory, but most business-related services and apps are included. It's not going to be a great solution for your personal passwords, though.
If you absolutely must, for some reason, store your passwords in an Excel file or Word doc on your computer or in your cloud storage, at the very least, password protect the actual file. But really, this is the bare minimum.
Using a password manager or Azure AD Single Sign-On (or both!) to manage your passwords will make your life easier and your data more secure by keeping your passwords in a secure location, so that you only have to remember one password.