Nowadays, there are lots of services that require you to set up, use and remember a password. How should you handle all of them? And what if you also wanted to secure your uploaded files and keep them away from prying eyes?

If you still use slight variations of a specific password or, even worse, the same password on different websites and services... STOP IT, NOW! To maximize security and minimize the impact of data breaches, you should use strong different passwords for different services.

As I said, I will also talk about file encryption in the context of files uploaded to cloud storage services.

The “analogical” past

Back then when there wasn’t an app for everything and people went around sporting old phones like the Nokia 3310, most of us followed the old ways for managing passwords: a lot of creativity for creating them and pen and paper for storing them. The risk was that you could lose these written pages, especially if you kept them in the wallet for daily use and lost the wallet too, leaving them for unintended users, while rendering you unable to access the related services. You could minimize the risk of unintended access by getting even more creative and end up using your own cyphers for transcribing the passwords.

Probably there were specific software solutions for PCs even back then, but I don’t know any of them.

The present

Nowadays things are easier, since there are password managers to help us.

Password managers

As the name suggests, you can leverage the use of these applications to manage your passwords. Moreover most of them can help you in generating random passwords that meet specific configurable criteria (length, presence of symbols, pronounceable words, etc.). The price you have to pay is remembering the so-called master password, which is the one you should use to access all the other passwords and encrypt them (for example using AES 256).

One Password to rule them all, One Password to find them, One Password to bring them all and in the darkness encrypt them.

How you should create your master password

For this task I will simply suggest you to follow the advice of this xkcd post.

Some password managers I know (in no particular order)

• Bitwarden
• Enpass
• 1password
• Lastpass
• Dashlane

You can find a comprehensive list of managers and their features here on wikipedia.

File encryption and cloud storage

If you are like me and you store some of your files on cloud services like Google Drive, OneDrive, etc. and you don’t completely trust that they won’t take a peek at your files, you could encrypt them before storing them. And to avoid all the problems in decrypting them locally every time you want to use them, there are software solutions for that too.

Personally, I use Cryptomator and I am very satisfied with this choice. If you want to look at alternatives and other choices, you can look them up here.