Our digital lives require dozens of passwords. From university systems to banking, email to social media, each service demands secure access credentials. The challenge isn’t just creating good passwords anymore—it’s managing them all securely and efficiently.
The University of Stirling Password Policy and Guidance can help inform you of best practice for creating strong passwords to protect your accounts, and we have a previous blog post all about passwords. But once you’ve set unique, complex passwords for each of your accounts, how and where can you safely store them for easy access when needed? The reality is that most of us are managing way too many accounts to simply remember passwords for each one. The absence of a clear password management strategy can lead to risky behaviours like reusing passwords for multiple accounts, using simple variations for different passwords, or just writing them down. Fortunately, there’s a more secure alternative: dedicated password management software.
Password managers serve as encrypted vaults for all your credentials. They generate unique, complex passwords for each service, while you only need to remember one strong master password to access the password manager itself. When you visit a website, the manager can automatically fill your credentials, making account security convenient.
Many university staff and students store passwords in their web browsers because it seems convenient—Edge, Safari, Firefox and Chrome all offer to save passwords as you browse. However, this approach comes with significant security risks that aren’t immediately obvious.
Browser password storage typically uses weaker encryption standards than dedicated solutions. Browsers store passwords primarily as a convenience feature, not as their core security function. Crucially, if malware infects your browser, your stored passwords all become vulnerable. We’ve been seeing increasing levels of browser-based malware attacks on university desktops and laptops as cyber attacks become ever more sophisticated.
Dedicated password management applications are purpose-built for credential security. They offer numerous advantages:
- Enhanced security – Strong encryption specifically designed to protect credentials
- Cross-platform access – Securely access your passwords across all devices, including mobile
- Breach monitoring – Automatic alerts if your accounts appear in known data breaches
- Encrypted notes – Store other sensitive information like software keys or security questions
Transitioning to a password manager takes initial effort but provides lasting benefits. We recommend that you:
- Research and select a reputable password manager that suits your needs.
- Start by securing your most important accounts first—university, email, and financial services.
- Enable two-factor authentication on your password manager account.
- Gradually add other accounts as you use them.
- Consider using the password manager’s security assessment tools to identify weak or reused passwords.
For maximum protection, combine your password manager with Two-Factor/Multi-Factor Authentication (2FA/MFA) wherever possible.
Your university account deserves particular attention, as it may grant access to research data, personal information, and critical university systems. Never reuse this password elsewhere, and ensure it’s stored securely.
Don’t forget to complete your free Cyber Security awareness training through Metacompliance here or in the app on Teams, see ‘Apps’ on the left-hand navigation bar.
For more cyber security guidance see our page on UniDesk here, or visit our dedicated SharePoint hub here. Contact the Information Centre with any questions or concerns about password management: Information.centre@stir.ac.uk