Can't Recall Passwords? Write Them Down
Page 1 of 6 123 ... LastLast
Results 1 to 10 of 57

Thread: Can't Recall Passwords? Write Them Down

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Can't Recall Passwords? Write Them Down

    Source:Information Week

    Flying in the face of convention, a security expert is now telling users to write down passwords and stick the slip of paper in their wallets.


    Flying in the face of convention, a security expert is now telling users to write down passwords and stick the slip of paper in their wallets.

    Such advice flies in the face of long-running counsel to not put passwords on paper. But security guru Bruce Schneier -- who is also the founder and chief technology officer of Counterpane Internet Security -- told users to forget the old advice.

    "People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down," Schneier wrote in his online security newsletter.

    "We're all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper -- in their wallet."

    To account for a lost wallet, Schneier urged users to finesse the paper record by writing "bank" rather than the bank's URL, or by omitting a username.

    "Writing down your impossible-to-memorize password is more secure than making your password easy to memorize," he said.
    Now here's what kills me about this: a month or so ago one of Microsoft's VP said the same thing but said to keep it in a secure location, like a vault or locked desk. This makes sense since this is a practise already done with many admin passwords. Writing it down and keeping it in the wallet seems more insecure and problematic. It's very likely that the user name will be used over again or will be written down so as to match the password, particularly if the user has many accounts and passwords to begin with.

    I was rather shocked that Schneier is the one suggesting this but..
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member
    Join Date
    Jan 2004
    Posts
    195
    Write down my passwords and keep it with me....

    what???? is wheel coming to full circle? or what we say history is about to get repeated???
    gosh i can't even find a proper reply
    It\'s all about sense of power.

  3. #3
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Let's take this to the next possible conclusion write them on a piece of paper and tape it to your computer

    Sounds like something Bill gates would suggest as a security measure at Microsoft

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    My only response to that article and that concept (two actually): "Whodathunkit?" and "DUH!". Okay, sorry.. I'm done now.
    Space For Rent.. =]

  5. #5
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    Agreed it isnt the most secure way to remember your passwords..but lets give it a thought shall we?A lot of people..including me,think of their wallet as sacred and off limits to other people...hence..the wallet to me would be the equivalent of a vault or safe?well,not exactly..but you get my drift....it'd definitely lead to greater security than taping it to the keyboard..which is pretty much the norm:P

  6. #6
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Hi therenegade,

    Sorry...but obviously you've been involved with the wrong women ....errr....right women....take your pick ...every woman I've ever known loves to go through wallets...it's the last place I'd put something that's supposed to be a secret.

    Eg

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    it'd definitely lead to greater security than taping it to the keyboard..
    Not by much. Especially given the way people are in public. I went for sushi today and listened to a group yapping about work. One guy was on his Blackberry and leaving it in public view. I've seen people leave their wallets open after taking out their credit cards. Any sticky notes, which often lose their "stickiness" in a hot wallet, tumble out, unbeknownst to the wallet owner. Personally, IMO, it leads to slack security views and a false sense of security.

    Either do it all or not at all. Half-assed security doesn't help.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    Eg,
    Next time they say or try to do that...tell 'em that you'll go through their purse/handbag...works like a charm
    MsMittens...agreed,but as you said..the comment was dumb to make lol,just trying to see whether he might've meant it in some other way,I like to think things from both points..dumb as I am

  9. #9
    Member
    Join Date
    May 2005
    Posts
    92
    Maybe his point is more that no matter what you tell them to not write it down they are going to anyway. So, by telling them to write it and put it in their wallet at least they are not writting it down and putting it on their monitor or under their keyboard as they normally would.

    I'm just wondering now. What happens when the user has to change their password monthly as they do in my organization? We all know how things like to build up in our wallets. Seems like more of a hassle than a solution.
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

  10. #10
    Member
    Join Date
    Jul 2005
    Location
    Ohio
    Posts
    30
    The_Captain: most people alternate between a small set of passwords anyway. I know a large majority of friends I (think I) have told me they just switch between 2 passwords (unless there is a time restriction on repeating passwords.. then they use a larger cache of passwords). So most people would either write them on the same paper or have a small amount of papers.

    I have the ultimate idea: get a tattoo of your password(s). That is safe and secure, especially if it's in a "private" area. I can just picture it now..

    "Hey Frank, I forget my password. What's my left cheek say?" or a guy forgets his password and looks to his crotch for help.
    I'm 128 bits of awesome packed into a 64 bit address space.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •