HomeBlog
Top 10 Worst Places to Store a Password
Published:
March 19, 2025

Top 10 Worst Places to Store a Password

By:
Team Huntress
|
Glitch effectGlitch effectGlitch effect
Glitch banner

Sharing and reusing passwords is one of the easiest ways hackers can gain access to your online accounts. And some people aren’t making it any harder for hackers. 

A Forbes Advisor survey found that 47% of users actually reuse their passwords across up to four different accounts. 

Now, we’ve all heard some wild stories about poor password hygiene or the places people keep their passwords. But what are the worst offenders of them all?

We took to LinkedIn and Slack to ask the Huntress team and others to share their wildest answers for the best places to store your passwords (WRONG answers only).

People across the infosec and cybersecurity community chimed in to share their jokes and some real-life horror stories. Our team rounded up the best answers of where to NOT store your passwords. Enjoy!

Here are the top 10 worst places to store a password

1. Make the password the same as your username

One less thing to remember, right?

2. Tattoo your password somewhere. Then update it frequently.

Tattooing your password was a surprisingly common (and odd) answer.

3. In a spreadsheet, doc, or .txt file

Actually, users saving plaintext passwords to their desktops is one we see quite a lot.

4. Featured in the background of a video call

With so many video calls these days, watch out for what’s in your background!

5. Store your password in a public directory

It's a big engineering slip to commit your password to GitHub. #fail

6. The classic: put your password on a sticky note.

It’s classic for a reason. Because it still happens.

7. Another classic: stored with trustworthy royals.

8. Somewhere safe in your office or home.

Basically, wherever you’d store some spare cash. 

9. Or put it on your favorite mug.

Just make sure it’s dishwasher safe.

10. If all else fails, just use the same simple password for everything.

While these responses were hilarious, the reality is far less funny. Password sharing and password re-use are just some of the many ways malicious hackers can gain easy access to your online accounts.

The importance of multi-factor authentication (MFA) can't be understated. With MFA turned on, a hacker will have a difficult time trying to access your account with just your password.

Don’t let yourself or your users become another statistic (or horror story). Huntress Managed Security Awareness Training (SAT) makes learning cybersecurity best practices both engaging and effective. Through lessons designed by cybersecurity experts and brought to life by award-winning animators, your team will gain the knowledge they need in a fun and memorable way. They'll learn the importance of not reusing passwords, how to spot phishing attempts, recognize social engineering scams, and much more—making security second nature.

Check out our series of memorable, story-based episodes and see for yourself how exciting learning with Managed SAT can be.

Huntress social logo

Call to Action
Blurry glitch effectGlitch effectGlitch effect
Categories
Cybersecurity Education

See Huntress in action

Our platform combines a suite of powerful managed detection and response tools for endpoints and Microsoft 365 identities, science-backed security awareness training, and the expertise of our 24/7 Security Operations Center (SOC).

Share
Glitch effect

You Might Also Like

Sign Up for Huntress Updates

Get insider access to Huntress tradecraft, killer events, and the freshest blog updates.

By submitting this form, you accept our Terms of Service & Privacy Policy
Oops! Something went wrong while submitting the form.
Huntress at work