Passwords: You’re Doing it Wrong

“Are you tired of losing track of those login/usernames and passwords you create every time you visit a new Web site? Do you have sticky notes and scraps of paper scattered about your office and home computer space covered with these vital pieces of information, but never seem to be able to put your hands on them when you need them? Now you can keep important Web site addresses, usernames, and passwords in one convenient place! Introducing The Personal Internet Address & Password Log Book!”

This is the product description for The Personal internet address & password logbook.  

Or if you don’t like that, perhaps you’d like Forgot Your Password? A confidential handbook to keep all your usernames passwords and websites at your fingertips.

Dont you hate when you have a mountain of sticky notes with passwords?   If you, you’re doing it wrong.   While most security professionals have now acknowledged that writing down the password is best, if you aren’t storing the written password securely you’re opening yourself up to trouble.

Teachers have their accounts compromised resulting in grade changes, assignment changes, vandalism of class websites and harassment sent from teachers accounts.

People have been electronically bullied by a spouse or classmate because their passwords were left where they could be found.

A password log book is like a rolodex.   (If you were born after 1995, you probably don’t even know what that is.)  It is a solution from another time.    I recommend and use LastPass for password storage.   With other password protections like locking the computer or phone,  and requiring logging into the password storage the passwords are much more safe than writing them in a journal or just using the same password for everything.

 

3 Comments

  1. I think it is best to stick with passwords that are easy to remember but would be complicated to crack. For example, D0g.1234567890. That is a zero in th word dog. The strength is in the length and randomness. If you can make a password long and random, it will be secure enough.

  2. Build- the problem then becomes- what happens when you have more than 1 password to remember? 5? 10? 200? Surely you wouldn’t suggest using the same pass everywhere?

    I’m a NetAdmin and between work and personal sites have over 300 passwords. None of them are identical, and I don’t know 90% of them. I keep them in Lastpass, with a high-entropy password and a few other tricks. I don’t have them written down anywhere, but I do have a backup method of accessing the main account- and it’s unlikely to be hacked, either, owing to several issues making that very unlikely.

    Of course, if I ever get amnesia, I’m screwed… but there’s no safeguard against that.

    • While there are some editing issues in that post, it is clear you didn’t read the post. I recommend LastPass.

      The point of the post was to laugh at the idea of Amazon selling a book to write your passwords in.

Comments are closed.