MattUK Premium Member join:2003-03-23 UK |
2005-Jul-28 9:50 am
Can't Recall Passwords? Write Them Down
Couple of days old, but still...
quote:
Flying in the face of convention, a security expert is now telling users to write down passwords and stick the slip of paper in their wallets.
Such advice flies in the face of long-running counsel to not put passwords on paper. But security guru Bruce Schneier -- who is also the founder and chief technology officer of Counterpane Internet Security -- told users to forget the old advice.
"People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down," Schneier wrote in his online security newsletter.
"We're all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper -- in their wallet."
To account for a lost wallet, Schneier urged users to finesse the paper record by writing "bank" rather than the bank's URL, or by omitting a username.
"Writing down your impossible-to-memorize password is more secure than making your password easy to memorize," he said.
» www.informationweek.com/ ··· 66400770 |
|
BigCreek God Is Good. Premium Member join:2002-06-25 Heber Springs, AR |
2005-Jul-28 10:19 am
Finally! Some sensible advice. |
|
jbob Reach Out and Touch Someone Premium Member join:2004-04-26 Little Rock, AR ·Comcast XFINITY Asus GT-AX6000 Asus RT-AC66U B1
|
jbob to MattUK
2005-Jul-28 10:40 am
What I'd like to see is more standardized online password formatting. Some sites allow upper case while others don't, some allow special characters while others don't. Then there are differences in length limits. It would be nice to be able to pick a few good passwords and use the same ones everywhere. That would make it easier to remember them. |
|
1 recommendation |
stillrockin to MattUK
Anon
2005-Jul-28 10:51 am
What I would do if I was going to write down my password on paper is to come up with a simple code, that way if anyone should find the paper with your passwords, they won't be able to immediately crack them. I would NEVER write down my passwords on a piece of paper without first using some kind of code, that is if I was going to do this. For example if your password is 12345, then alternate each character with a false character in between the real one.
real password = 1 2 3 4 5
coded password = 1 d 2 x 3 t 4 y 5
You can make this as intricate as you like. Like putting two false characters in place of the real one and so on. Try going backwards etc...
real password = 1 2 3 4 5
Coded password = 1 t m 2 z k 3 w l 4 r a 5
The above ideas are obviously extremely basic, I'm sure you guys can figure out all kinds of ways to code your passwords to make them harder to crack if anyone should find them. Just make sure you remember the code! |
|
|
DannyZ Gentoo Fanboy Premium Member join:2003-01-29 united state |
to MattUK
I think those small address books are perfect for passwords as you can organize everything alphabetically. Very handy if you have many different passwords. |
|
Marilla9 I Am My Own Arbiter Premium Member join:2002-12-06 Belpre, OH
1 recommendation |
to MattUK
I've been doing this for years. Finally, though, I can do it without feeling like I'm some sort of Security Weiner.
Eventually, after using a password a number of times, I remember it. The slip of paper then goes into the same secure location in which I store things like titles and deeds, just in case I happen to forget it someday.
But while it's written down in my wallet, it is simply a string of numbers and letters, with absolutely nothing to connect to it (I never write down anything relevant to anything else that's in my wallet).
I think the type of 'writing down' us security nerds have most to worry about is writing something down on a post-it note, and slapping it on the monitor/desk/bulletin board, etc. Having it in a secure location is a good idea.
Of course, passphrases might make all this talk obsolete, anyway... |
|
Snowy Lock him up!!! Premium Member join:2003-04-05 Kailua, HI
1 recommendation |
to MattUK
I guess it's safe for me to come out of the closet now. I believe that if my wallet were to fall into the wrong hands the least of my problems would be my slightly finessed online accts info in that wallet. I came to this conclusion after opening my first online acct & had to call customer support to retrieve my PW on my first login attempt. At that point I figured my acct was only as secure as the person I was talking to on the phone. I much prefer the anonymity of an unremarkable login than a human assisted one so I agree for me anyway that a slightly finessed cheat sheet is the safer option for me. |
|
|
to MattUK
How about a fingerprint reading keyboard or mouse? |
|
JamPony9 Premium Member join:2004-12-08 Austin, TX |
to MattUK
It is good advice. The motivation to avoid losing one's wallet becomes part of the security system. Instead of the passwords, I write down something that reminds me of what each one is - a sort of private shorthand. Useless to anyone finding it, but all I need. That way physical security of the list is less important.
larryd517, I'm against anything that creates an incentive for thieves to cut off people's fingers or gouge out their eyes. It has happened. » www.theregister.co.uk/20 ··· rc_chop/ |
|
|
to Marilla9
I definitely agree with Schneier here. I use passwords mostly for protection from remote intrusions. I have other things protecting the local aspect, like me, and my guns. This in mind, I can happily write my passwords down on paper. |
|
jbob Reach Out and Touch Someone Premium Member join:2004-04-26 Little Rock, AR ·Comcast XFINITY Asus GT-AX6000 Asus RT-AC66U B1
|
to MattUK
And don't you love it when you're working on someone's computer and you make some changes requiring them to use their password and they say "I don't remember it!" They like to let the computer remember their passwords so they never have to type it in, thus never using it and forgetting what it is. |
|
Nanaki (banned) aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to stillrockin
said by stillrockin:
What I would do if I was going to write down my password on paper is to come up with a simple code, that way if anyone should find the paper with your passwords, they won't be able to immediately crack them. I would NEVER write down my passwords on a piece of paper without first using some kind of code, that is if I was going to do this. For example if your password is 12345, then alternate each character with a false character in between the real one.
real password = 1 2 3 4 5
coded password = 1 d 2 x 3 t 4 y 5
You can make this as intricate as you like. Like putting two false characters in place of the real one and so on. Try going backwards etc...
real password = 1 2 3 4 5
Coded password = 1 t m 2 z k 3 w l 4 r a 5
The above ideas are obviously extremely basic, I'm sure you guys can figure out all kinds of ways to code your passwords to make them harder to crack if anyone should find them. Just make sure you remember the code!

Here's a better one: g59. Starting letter g, +5, g = l, next letter gets offset by 9, next by 5, next by 9, etc. So for your gmail password reminder on your paper you'd have gmail g59, aol h92, etc etc. Will use a simple one for an example of the weirdness that happens with these passwords: key a21-cce. Using that example, cce=abc. You can easily add complexity to the password cypher: a21z12 or a21z12m21 etc. What happens in this is you start with a 2 letter offset, a becomes c, b becomes c, etc. Once you finish a cycle at m21 you begin again. If you forget your password you can always decypher your key. In my simple example, a21-cce, all you need to remember is your key and what the key belongs to. Someone else finding your paper would think the password was a21-cce |
|
|
old news is good gnu to MattUK
Anon
2005-Jul-28 11:44 pm
Wait a sec here - Bruce Schneier isn't the first guy to suggest this. In fact, someone else suggested it a few months back, and it made news because the concept was seemingly a bit controversial. And yet, somehow, this is news again, because Bruce finally "gets it" and jumps on the bandwagon? Please. Original reference here: » news.com.com/Microsoft+s ··· 590.html |
|
61999674 (banned) Gotta Do What Ya Gotta Do join:2000-09-02 Here
1 recommendation |
to MattUK
This is nothing new for me. For years I have kept my passwords (the ones I use most anyway) in my wallet; I also have a small card file box for all of them at home. Passwords in and of themselves are useless.
Bank of America >>> %$cF3@fj8$hF >> go for it. |
|
|
|
to MattUK
Re: Can't Recall Passwords? Write Them Down
Easy way to remember a password...pick a song or phrase "Happy Birthday to you!" then the password becomes HBTY! then add a special day and it can become "bty!07041776"
Not hard to remember |
|
djtim21 It's all good Premium Member join:2003-12-22 Lake Villa, IL |
to DannyZ
said by DannyZ:
I think those small address books are perfect for passwords as you can organize everything alphabetically. Very handy if you have many different passwords.

This is exactly what my father does. He has a ton of user names, for various things. He puts the user name and then the password next to it. It also makes it easier for me to help him with problems, either over the phone or in person. |
|
S S K join:2005-02-18 Netherlands |
to MattUK
I use the "secure" storage my cellphone offers to store the passwords I need when away from home |
|
salzan Experienced Optimist Premium Member join:2004-01-08 WA State |
to MattUK
I have a really secure, simple system. Unfortunately, I can't tell you. |
|
jaa Premium Member join:2000-06-13 |
jaa to MattUK
2005-Jul-29 11:58 am
I find a post-it on my monitor works well. Always there for me - I don't have to keep pulling out my wallet. |
|
brydry...it's meat-cake join:2004-12-05 Clearwater, FL |
to MattUK
I've always had them on paper for easy reference... Jeepers, how is a person supposed to remember them all? Just counted them up, 27 accounts with user name/password, all unique. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to MattUK
I have probably at least 50 passwords. I write them down in a folder and what a hassle to find the right one each time. Tonight I almost bought the APC Personal Biometric USB POD Fingerprint Reader. I would love it but I'm glad I hesitated. When I got home and researched it, it doesn't support Fx!. UGH. |
|
Teasip join:2001-05-14 Plano, TX |
to MattUK
PasswordSafe. Simple program, only need to remember one password to access all of them. Keep a copy on a thumb drive attached to your keys. |
|