Your passphrase is the key to your Peerio account, so keeping it safe is critical! In order of security, these are the best options for storing your passphrase securely:
- Your brain! The safest place for your passphrase will always be inside your own head. Although a few random words may seem odd at first, you will be surprised how capable your mind is of retaining small bits of information!
Practice over time: Memorization works best when you practice over time. Write your passphrase down on a sheet of paper. Try to log in to Peerio once a day. Each time you do, try entering your passphrase from memory. Give yourself a few seconds to try to recall the words and enter your best guess. Only look at your paper if you cannot remember.
Imagine your passphrase: If your passphrase is "iced angels control pusher robot", you might picture angels made of ice playing with a remote control robot that pushes stuff. It sounds silly, but it works quite well.
- On paper. Write your passphrase down on paper and store this paper somewhere safe (e.g. a safe!). "On paper" is important! Computers are vulnerable to attacks that can be carried out remotely, like malware that allows someone to access the content of your computer, log keys, or take screenshots. Do not record your passphrase in plaintext anywhere online (e.g. an email).
- An encrypted password manager. A password manager is a tool that allows you to generate strong passwords and safely store them on your computer, or even online. The best password managers will be encrypted, open-source, and professionally audited. An offline password vault is generally safer than an online password manager. We do not recommend cloud-based password managers for high-risk users.
Peerio recommends these password managers:
KeePassX: KeePassX is a free and open source password vault that stores your passwords in an encrypted database locally on your computer, protected by a single master password and/or a key file. While the core KeePassX application has been audited, many of the extensions made by third parties have not.
LastPass: LastPass is a cloud-based password manager that encrypts your passwords and stores them on LastPass servers. This allows you to access your passwords through their web service. LastPass also offers an extension to auto-fill your login credentials on various websites. LastPass is free to use, but charges users a monthly fee to use their mobile apps. LastPass is not open source, but has been audited for security. LastPass did suffer a security issue during 2015.
1Password: 1Password, in its simplest form, encrypts your passwords to a locally stored database. 1Password offers a number of options to sync your passwords between your devices, and offers apps for Windows, Mac, iOS, and Android. Like LastPass, a 1Password extension can be added that will auto-generate and store strong passwords for you on sites you visit. 1Password is not open source and has not been audited; however, they have a respected security team. You can read their comments on transparency and security here. 1Password is not free, but charges a one-time fee.