Slashdot Mirror


Write Down Your Passwords

joeykiller writes "Microsoft's senior program manager for security policy, Jesper Johansson, presents a provocative but interesting view on password policy: He claims that prohibiting users from writing down their passwords is bad for security. His main point is that if users are prohibited from writing down their passwords, they will use the same easy-to-guess password everywhere." From the article: "Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it... If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords."

33 of 633 comments

  1. So Pen&Paper's the new replacement for Passpor by team99parody · · Score: 4, Funny

    Now we know what's replacing Microsoft Passport in Longhorn - pen&paper!

  2. And I'll keep it under my keyboard... by beorach · · Score: 2, Funny

    with my bank name and account number next to it..

    1. Re:And I'll keep it under my keyboard... by dodald · · Score: 5, Funny

      I have a single post it note under my keyboard that reads "9uL1i613".

      --
      101010b 2Ah 52o
    2. Re:And I'll keep it under my keyboard... by justforaday · · Score: 2, Funny

      I have a single post it note under my keyboard that reads "9uL1i613".

      mine says "password"

      --
      I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
    3. Re:And I'll keep it under my keyboard... by camkind · · Score: 2, Funny

      mine says "This side down"

  3. Ok. by cmburns69 · · Score: 4, Funny

    Ok, here they are:

    Slashdot password: 12345
    Personal site password: 12345
    Bank account password: 12345

    Now my password is even more secure! Yay!

    --
    Online Starcraft RPG? At
    Dietary fiber is like asynchronous IO-- Non-blocking!
    1. Re:Ok. by fembots · · Score: 2, Funny

      Now my password is even more secure!

      So true, by open-sourcing your password, you don't need to worry about security anymore.

    2. Re:Ok. by ClownsScareMe · · Score: 2, Funny

      This joke is sooooo obvious. I thought of it, I just didn't post it.

      --
      I read Slashdot for the articles
  4. One Word: by DrunkenTerror · · Score: 5, Funny

    Tattoos.

    1. Re:One Word: by Durinthal · · Score: 5, Funny

      Particularly in a private region. That way no geek would ever have to worry about someone else seeing it!

    2. Re:One Word: by fbform · · Score: 2, Funny
      Particularly in a private region.

      That's not how one does private key encryption.

      --
      Time flies like an arrow. Fruit flies like a banana.
  5. Wow... by MrByte420 · · Score: 5, Funny

    I've got the same combination on my luggage!
    (sorry sorry sorry!)

    --
    If religious zealots don't believe in Evolution, then why are they so worried about bird flu?
  6. Re:I'll buy that piece of paper with some chocolat by Fulcrum+of+Evil · · Score: 2, Funny

    My password vault happens to be Firefox, though.

    How do you get your passwords out?

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  7. True story by HaeMaker · · Score: 3, Funny

    I'm a SysAdmin and at one place I worked, I noticed someone had written 'aaaaa' on their monitor. They weren't at their desk at the time, so I sat down, hit ctrl-alt-del and typed 'aaaaa' into the password field...

    1. Re:True story by sconeu · · Score: 3, Funny

      I refuse to play your chinese food mindgames!

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:True story by gregfortune · · Score: 2, Funny

      Heh, I've got a password on a post it note attached to my monitor. It's something like P43F^ss2Bn. I always wonder how many times people try it.

  8. Exactly right. . . by Sialagogue · · Score: 5, Funny

    This is the exact reason that I write all my passwords on post-it notes and stick them to my monitor.

    I have a 21-inch tube monitor and it weighs like 80 pounds, so nobody could even get it out the door much less steal it, so my passwords are going nowhere.

    --
    The only acceptable defense of scientific results is to say that they were the product of the Scientific Method.
  9. Re:So Pen&Paper's the new replacement for Pass by coop0030 · · Score: 2, Funny

    Maybe it's the new trend.

    Maybe pen&paper AD&D will be cool again!

  10. Re:So Pen&Paper's the new replacement for Pass by DaltonRS · · Score: 2, Funny

    And of course, they (M$) will introduce the following security initiative when pen and paper security protocols show evidence of security lapses. White-Out.

  11. Re:Passwords suck: simple solution: by xAXISx · · Score: 2, Funny

    You misspelled right wing scare tactic.

  12. Re:So Pen&Paper's the new replacement for Pass by irm · · Score: 2, Funny

    I've always written down my passwords. You just have to make sure to keep them on the top of the Mountain of Despair, beyond the River of Doom. Total security!

  13. Re:So Pen&Paper's the new replacement for Pass by Anonymous Coward · · Score: 1, Funny
    I can see what's next.
    • Oil Paints replacing Microsoft Paint in Longhorn
    • A printed dictionary replacing Word's spell checker.
    Perhaps Longhorn really will revolutionize the computing industry.
  14. I can just see this... by Em+Ellel · · Score: 5, Funny

    For example, I'm only reading Slashdot from this particular computer, and I'm using an IBM E94 monitor, and there is this Sellotape dispenser on my desk with 1531 written on it. So my Slashdot password can be easily remembered as IBM!1531@E94#, or simply ibm1531e94 for those systems that cannot accept special characters.

    I can just see the following request to helpdesk:

    Please reset my password as someone borrowed my Sellotape dispenser and I can no longer log in.

    -Em

    --
    RelevantElephants: A Somatic WebComic...
  15. Re:Pseudo-Written Password by Anonymous Coward · · Score: 1, Funny

    I used to use a password-generation "method" which was to create a rather rude anagram about the particular user (with the appropriate number/symbol substitutions for letters, as necessary). After a couple of years of odd passwords one of the engineers finally started to catch on (it didn't help that he could sometimes hear me laughing while creating new-user passwords...).

  16. Re:So Pen&Paper's the new replacement for Pass by PakProtector · · Score: 4, Funny

    I should expect that kind of talk coming from a young, low uid person like yourself. You kids don't know how good you have it these days. Fancy computer graphics and a machine to keep track of details for you, letting you have your 'action' in 'real time.' Back in my day, we had cardboard cutouts, if we were lucky! Most of us used hand made lead figures that we had to paint by hand! And it could take hours just to do one massive battle because we had to do everything ourselves! In the snow! In our parents' basements! Pssh. You young people these days. I don't want your opinion until your UID is in the lower 50% of the population. PSssh. Kids. Think they know everything. In my day, we were lucky if we knew nothing! You were lucky just to not be a negative container of knowledge, sucking it out of other people until everyone knew nothing. Pssh. Kids.

    --

    Edward@Tomato - /home/Edward/ man woman
    man: no entry for woman in the manual.
    "Qua!?"

  17. Re:Don't treat it like cash by Amoeba · · Score: 4, Funny
    So if Jackson is on the $20 bill, what do 5 Jacksons make?


    The world's most dysfunctional family?

    --
    Do not taunt Happy-Fun Ball
  18. Re:No! by FirstTimeCaller · · Score: 4, Funny

    Why put the list in cyberspace at all? That's the beauty of paper, nobody online can steal a sheet of paper sitting in your home/office/dorm/loft/cave.

    But I thought you said not to put it on your machine at all!?!?! So what the heck is it doing under your home directory? :-)

    --
    Wanted: witty unique signature. Must be willing to relocate.
  19. Re:Pseudo-Written Password by Erik+Fish · · Score: 5, Funny

    If they take the Sellotape then you just set the building on fire.

  20. Re:The worst Slashdot password by kakos · · Score: 2, Funny

    Most systems don't allow empty passwords.

  21. Re:Bruce Schneier agrees by Penguinshit · · Score: 2, Funny


    One password to rule them all
    One password to find them
    One password to bring them all
    And in the darkness bind them.

  22. Liar. by apparently · · Score: 2, Funny

    So my Slashdot password can be easily remembered as IBM!1531@E94#

    Tried that, and got: "Danger, Will Robinson! You didn't log in! You apparently put in the wrong password, or the wrong nickname. Either try again, or have your password mailed to you if you forgot your password." Please advise.

  23. Don't misunderestimate people ;-) by Venner · · Score: 2, Funny
    Why put the list in cyberspace at all? That's the beauty of paper, nobody online can steal a sheet of paper sitting in your home/office/dorm/loft/cave.


    Not necessarily :) I used to know someone who had a webcam in their office. It was one of those geeky "things to do" at the time. He had controls to pan & zoom, control a small light, etc, on his website.

    One day, I zoomed in on a piece of paper on the corner of his desk. Some rotation & sharpening in Photoshop* revealed an IP and the word "gizzards8524". I telnetted** to the IP, tried his usual nickname and that word as the password and bingo - I was in.

    He was quite startled when he got a console chat invitation from...himself. :)

    *as opposed to Hollywood's ideas of image restoration that boggle the mind and break the laws of physics.

    **ssh wasn't popular yet.
    --
    A preposition is a terrible thing to end a sentence with.
  24. Re:Pseudo-Written Password by Anonymous Coward · · Score: 1, Funny

    Sorry, we had to replace your monitor while you were out last week. Someone accidentally drenched it with Coke. As a consolation we got you a much nicer monitor and also replaced your dingy old tape dispenser.

    What do you mean that keeps you from logging in? Don't be ridiculous.