Managing multiple login passwords “securely”

Published: August 26, 2017 at 10:48 am

Last Updated on

This year marks twenty years of computer and internet usage for me. In a two-part series, I discuss my experience and learnings on managing multiple passwords (part 1) and computer security (part 2).  From spending the whole day in the IIT, Madras library in the mid-90s to rarely entering it in the 2010s, it has been a sea change in the way I (and all of us) seek and process information.

The need for a password manager: necessity is the mother of clutter.

Initially one could access all parts of a website (including sub-directories!). Soon site owners wanted users to “log in” to use the entire or sections of the site. From having to log in to use e-mail, now more passwords were required. Unfortunately, each website had its own password codes. Some wanted one letter in capital, some a character like $,%,… and so on. When online banking took off, some banks wanted the passwords changed every few months and even insisted that the new password should not resemble the last three passwords! Some AMCs also insist on this.

So the need for a password manager became natural. The most secure password manager is this one:

Photo by Jesse Radonski (Flickr)

Of course, as long as the notebook stays at home (in one place) and so is the computer used to make financial transactions. Sure your dog can eat your notebook or it can be burnt, but when it comes to security (and insurance) we can only consider probability and not possibility. Those who can distinguish probability from possibility can also distinguish paranoia from prudence.

Security is the cost of Convenience

There is no free lunch. If we want a “convenient” way to “securely” store passwords and login, then it will have to come at the cost of security. Any piece of code, be it human generated or machine generated, can be cracked/hacked by anyone with enough determination. So none of the password managers that we have today are hacker-proof. It is merely sheer dumb luck that I have not been hacked as yet.

For the last 15 years or so, I have been using Roboform to manage my passwords and in the last 9-10 years or so, I have been making online transactions with passwords stored in it. I make no claims that is the best or even good enough. There are many other options which are probably better, but I have no intention to shift as I am used to it.

Initially, Roboform was free to use for storing ten logins with a paid version for unlimited logins. Thanks to competition and emergence of browser based password managers, Roboform is now completely free for personal use with a paid business version. There is a cloud based version which can be used to sync passwords across devices and this costs a small fee.

Roboform (so should others) comes with a so called “master password”. This can be used to unlock access to select logins. This master password is not stored anywhere in the Roboform software. So losing this would mean trouble. I have used my wife’s favorite password as the master password so that she can access the logins in my absence. Any login involving money exchange can be further secured by this master password.  This was the first double authentication I had used prior to the emergence of the mobile.

Now with mobile based authentication at the final stage of the money transfer, I believe such master passwords are not of much use.

In my opinion, double authentication is meaningful only when two separate devices are involved. This is the reason I will never use my mobile for online transactions. Losing a mobile is not just a possibility!

Why not browser-based password managers?

I am of course referring to Chrome and Firefox (most popular choices?). As of now, all my financial transactions logins are in Roboform with a master password. All the rest (Facebook, Gmail, EB bill, Telephone, property tax etc) are all on chrome.

However, I do feel that there is no harm in using browsers to store say, AMC passwords. Suppose the browser is hacked and the password is out in the open (with the login), what is the worst that can happen? I may have to pay tax if the hacker makes a redemption. The money will go to my bank account in T+1 or T+3 days ( I can get this canceled in the meantime as I will get an SMS and email alert). The hacker would then need my bank credentials and mobile phone to access my money. That is just too much of a long shot.

I repeat

Paranoia —-> possibility

Prudence —-> probability

Oh yeah, by the way, I am pro-Aadhaar and supposedly the CIA knows my A-number. How flattering!

The problem with browser based password managers are the updates. Chrome suddenly changed its settings interface and couple of weeks ago. When I managed to get to the password and wanted to change one and clicked on the “eye”, it wanted a windows password!  Users who did not set a windows login password suddenly could not access their own passwords.

Thanks to an outcry in the forums, this was quicked removed in the next update. I have never faced such nonsense with Roboform. Even if the latest version looks completely different from the first version I used, the core settings are the same.

Even though all sites have a “forgot password” link, some do not have a “forgot login id” link. So at least for this,  a cloud-based service is necessary. I will be getting the Roboform Everywhere service (20 USD per year or 50 USD for 3Y or 75 USD for 5Y)

Chrome has this too (free) and it is quite convenient.

By the way, you can have some fun trying to find out how secure your password is with many online tools. Here is a screenshot:


Disclosure: I am NOT affiliated with any of the brands mentioned in this or any post here.

Hate ads but would like to support the site? Subscribe to our ad-free newsletter and get beautifully formatted full articles delivered to your inbox!


Ask Questions with this form

And I will respond to them in the next few days. I welcome tough questions. Please do not ask for investment advice. Before asking, please search the site if the issue has already been discussed. Thank you.  PLEASE DO NOT POST COMMENTS WITH THIS FORM it is for questions only.

[contact-form][contact-field label=’Name’ type=’name’ required=’1’/][contact-field label=’Email’ type=’email’ required=’1’/][contact-field label=’Comment’ type=’textarea’ required=’1’/][/contact-form]

GameChanger– Forget Startups, Join Corporate & Live The Rich Life You want

My second book, Gamechanger: Forget Start-ups, Join Corporate and Still Live the Rich Life you wantco-authored with Pranav Surya is now available at Amazon as paperback (₹ 199) and Kindle (free in unlimited or ₹ 99 – you could read with their free app on PC/tablet/mobile, no kindle necessary).

It is a book that tells you how to travel anywhere on a budget (eg. to Europe at 50% lower costs) and specific investment advice for young earners.

The ultimate guide to travel by Pranav Surya is a deep dive analysis into vacation planning, finding cheap flights, budget accommodation, what to do when travelling, how travelling slowly is better financially and psychologically with links to the web pages and hand-holding at every step.  Get the pdf for ₹199 (instant download)

You can Be Rich Too with Goal-Based Investing 

My first book with PV Subramanyam helps you ask the risk questions about money, seek simple solutions and find your own personalised answers with nine online calculator modules.

The book is available at:

Amazon Hardcover Rs. 271. 32% OFF

Infibeam Now just Rs. 270  32% OFF. If you use a mobikwik wallet, and purchase via infibeam, you can get up to 100% cashback!!

Flipkart Rs. 279. 30% off

Kindle at (Rs.271) Read with free app

Google PlayRs. 271 Read on your PC/Tablet/Mobile

Now in Hindi!

Order the Hindi version via this link

Do share if you found this useful
Hate ads but would like to support the site? Subscribe to our ad-free newsletter and get beautifully formatted full articles delivered to your inbox!

About the Author M Pattabiraman author of freefincal.comM. Pattabiraman(PhD) is the author and owner of  He is an associate professor at the Indian Institute of Technology, Madras since Aug 2006. Pattu” as he is popularly known, has co-authored two print-books, You can be rich too with goal based investing (CNBC TV18) and Gamechanger and seven other free e-books on various topics of money management.  He is a patron and co-founder of “Fee-only India” an organisation to promote unbiased, commission-free investment advice. Pattu publishes unbiased, promotion-free research, analysis and holistic money management advice. Freefincal serves more than one million readers a year (2.5 million page views) with numbers based analysis on topical issues and has more than a 100 free calculators on different aspects of insurance and investment analysis. He conducts free money management sessions for corporates  and associations(see details below). Previous engagements include World Bank, RBI, BHEL, Asian Paints, TamilNadu Investors Association etc. Contact information: freefincal {at} Gmail {dot} com (sponsored posts or paid collaborations will not be entertained)
Want to conduct a sales-free "basics of money management" session in your office?
I conduct free seminars to employees or societies. Only the very basics and getting-started steps are discussed (no scary math):For example: How to define financial goals, how to save tax with a clear goal in mind; How to use a credit card for maximum benefit; When to buy a house; How to start investing; where to invest; how to invest for and after retirement etc. depending on the audience. If you are interested, you can contact me: freefincal [at] Gmail [dot] com. I can do the talk via conferencing software, so there is no cost for your company. If you want me to travel, you need to cover my airfare (I live in Chennai)

Connect with us on social media

Content Policy

Freefincal has original unbiased, conflict-of-interest-free,  topical reports, reviews, commentary and analysis on all aspects of personal finance like mutual funds, stocks, insurance etc. All guest authors and contributors to the site also do not have any conflict of interest. If you find the content useful, please consider supporting us by (1) sharing our articles and (2) disabling ad-blockers for our site if you are using one. No promotional content We do not accept sponsored posts and link exchange requests from content writers and agencies. This is our privacy policy Our website is non-profit in nature. The revenue from the advertisement will only be used for hosting charges, domain registration charges, specific plugins necessary for traffic growth and analytics services for search engine optimisation.

Do check out my books

You Can Be Rich Too with Goal-Based Investing

You can be rich too with goal based investingMy first book is meant to help you ask the right questions, seek the right answers and since it comes with nine online calculators, you can also create custom solutions for your lifestyle! Get it now.  It is also available in Kindle format.
Gamechanger: Forget Startups, Join Corporate & Still Live the Rich Life You WantGamechanger: Forget Start-ups, Join Corporate and Still Live the Rich Life you wantMy second book is meant for young earners to get their basics right from day one! It will also help you travel to exotic places at low cost! Get it or gift it to a young earner

The ultimate guide to travel by Pranav Surya

Travel-Training-Kit-Cover This is a deep dive analysis into vacation planning, finding cheap flights, budget accommodation, what to do when travelling, how travelling slowly is better financially and psychologically with links to the web pages and hand-holding at every step.  Get the pdf for ₹199 (instant download)

Free Apps for your Android Phone

All calculators from our book, “You can be Rich Too” are now available on Google Play!
Install Financial Freedom App! (Google Play Store)
Install Freefincal Retirement Planner App! (Google Play Store)
Find out if you have enough to say "FU" to your employer (Google Play Store)

Blog Comment Policy

Your thoughts are vital to the health of this blog and are the driving force behind the analysis and calculators that you see here. We welcome criticism and differing opinions. I will do my very best to respond to all comments asap. Please do not include hyperlinks or email ids in the comment body. Such comments will be moderated and I reserve the right to delete the entire comment or remove the links before approving them.


  1. I don’t know what makes you feel a notebook is the most secure password manager, infact it is the most insecure thing to do today when it comes to passwords. As to browser-based passwords, try using password add-ons that store passwords in cloud encrypted. I’ve been using Lastpass for years now without any issues whatsoever. It’s cross-platform, supports all browsers, excellent support, almost all features are free and encryption/decryption of data takes place on your device. It really is for the most paranoid of nerds!

    1. A notebook (the one made of paper) is something that I can store at home and always at home (along with the computer I transact on). That is secure enough for me if “most secure” troubles you. I am happy with roboform. Will explore lastpass. Thanks.

  2. I would suggest KeePass / KeePassXC / KeePassX depending upon which operating system is used.

    Also comes with OTP tool.

    Software is opensource so is much secure and also privacy concerns are much better addressed.

    There’s a browser plugin for Google Chrome browser called as ChromeIPass. Which fetches id pass safely and puts in the input fields.

    I have tried them all. Use KeePassXC on my linux machine with ChromeIPass in chrome. It works well on Windows and Apple Mac as well.

    Highly recommended!

    Also, I use dropbox client and keep the encrypted database in it. KeePassXC use that file directly, so when changes are saved they get backed up and can be accessed from other machines if and when needed.

  3. This is the best suggestion. I’ve also been using KeePass for nearly a decade. In addition to your suggestions, I use Keepass2Android android app to help fill in the passwords into Android apps. It has an option to use a “different keyboard” to fill in password directly from the DB, bypassing the clipboard and thus preventing other apps from potentially seeing the password.

  4. Lastpass is free on multiple devices for personal use and safest too. Roboform etc. are too complex to use for me. Saving passwords on browsers is the worst form of security. A simple script can retrieve passwords stored in browsers. Lastpass is a browser plugin and also available for mobiles. I suggest to use this. Have been using this for more than 7 years.

  5. In this case, you are trusting Roboform and their technology to safeguard your secrets. Is that safe to do or not is something that only you can answer. I did a quick check since I havent heard about Roboform and there are many claims from a few years old about their in-security. But not sure what is the truth and where. But since they are a proprietry and closed-source system, it does impact the trust factor. Personally, I am not comfortable with this kind of solution.

    I use Keepass on cloud storage which allows it to be synchronised and access it across my different devices. There are similar alternatives like Passwordsafe. A bit of web-research can yield safer options.

    1. I agree it is based on trust, but open source does not imply “secure”. Both can and have been hacked. And personally, I trust Roboform.

Leave a Reply

Your email address will not be published. Required fields are marked *