Your Account Key gives you access to your Peerio account, so keeping it safe is critical! In order of security, these are the best options for storing your Account Key securely:
- On paper. Write your Account Key down on paper or print out the PDF file from the desktop version of Peerio and store this paper somewhere safe (e.g. a safe!). "On paper" is important! Computers are vulnerable to attacks that can be carried out remotely, like malware that allows someone to access the content of your computer, log keys, or take screenshots. Do not record your Account Key in plaintext anywhere online (e.g. an email).
- An encrypted password manager. A password manager is a tool that allows you to generate strong passwords and safely store them on your computer, or even online. The best password managers will be encrypted, open-source, and professionally audited. An offline password vault is generally safer than an online password manager. We do not recommend cloud-based password managers for high-risk users.
Peerio recommends these password managers:
KeePassX: KeePassX is a free and open source password vault that stores your passwords in an encrypted database locally on your computer, protected by a single master password and/or a key file. While the core KeePassX application has been audited, many of extensions made by third parties have not.
LastPass: LastPass is a cloud-based password manager that encrypts your passwords and stores them on LastPass servers.This allows you to access your passwords through their web service. LastPass also offers an extension to auto-fill your login credentials on various websites. LastPass is free to use, but charges users a monthly fee to use their mobile apps. LastPass is not open source, but has been audited for security. LastPass did suffer a security issue during 2015.
1Password: 1Password in its simple form encrypts your passwords to a locally stored database. 1Password offers a number of options to sync your passwords between your devices, and offers apps for Windows, Mac, iOS, Android. Like LastPass, a 1Password extension can be added that will auto-generate and store strong passwords for you on sites you visit. 1Password is not open source, and has not been audited, however they have a respected security team. You can read their comments on transparency and security here. 1Password is subscription based.