Write Down Your Passwords
joeykiller writes "Microsoft's senior program manager for security policy, Jesper Johansson, presents a provocative but interesting view on password policy: He claims that prohibiting users from writing down their passwords is bad for security. His main point is that if users are prohibited from writing down their passwords, they will use the same easy to guess password everywhere." From the article: "Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it...If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords."
You can't memorize good enough passwords any more, so don't bother. For high-security Web sites such as banks, create long random passwords and write them down. Guard them as you would your cash: i.e., store them in your wallet, etc. Never reuse a password for something you care about. (It's fine to have a single password for low-security sites, such as for newspaper archive access.) Assume that all PINs can be easily broken and plan accordingly. Never type a password you care about, such as for a bank account, into a non-SSL encrypted page. If your bank makes it possible to do that, complain to them. When they tell you that it is OK, don't believe them; they're wrong.
I've guessed numerous passwords with your technique. I hope you were kidding.
What would be the problem with using one really strong password everywhere? Rather than many strong (or semi-strong) passwords that have to be written down, or one really weak password? Why wouldn't a person choose one good password, and only one, and keep it?
Maybe it's because people really just don't think they're that important. It'll probably take serious problems to change people's minds (like a theft of identity, or fraudulent charges, etc...)
And while we're on the subject of passwords, can we please get rid of those "change your passwords EVERY THIRTY DAYS!" systems? God...those have probably done more to propagate the phenomenon of writing passwords down than anything else.
concrete5: a cms made for marketing, but strong enough for geeks.
If someone's hacking in from outside you want as good a password as possible... That's my fear, not someone sitting at my desk and logging on as me.
9 80786CC256E6C007EE7D2
Peter Gutmann said the same thing: you fear the hacker, not the guy stealing your PC.
http://computerworld.co.nz/news.nsf/nl/3F25D67E47
I am a leaf on the wind
I use a password app on my PDA (a Zaurus), but most people have cell phones. There must be a little java applet around that does the same thing. If not, there's a great opportunity there, I would think.
The problem with this suggestion is that if your fingerprint (or some other bio-metric info) is stolen or duplicated, you can't change it. How would you like a genius hacker to have permanent access to all of your data for life?
With a password, at least you can change it if it is compromised.
Authentication methods can all be broken down into the following categories:
1) Something you know (such as a password).
2) Something you have (such as a keycard).
3) Something you are (such as a fingerprint).
High security requires 2 or 3 of these things. However, most things are good enough with only 1 of the three.
Online Starcraft RPG? At
Dietary fiber is like asynchronous IO-- Non-blocking!
Of course, there's Schneier's Password Safe, which is now a SourceForge project. See: http://www.schneier.com/passsafe.html. Works for me... I carry the encrypted file around on USB flash and who cares if I lose it... barring quantum computers, nobody's going to be breaking it within my lifetime.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I think the bigger point here is that most people don't care about passwords. They see them as necessary but annoying, which is why they use easy to remember things. It's also silly to say writing down passwords is bad or good. People are always going to use different systems which may or may not work well for someone else. I rotate my passwords and do not write them down; another person may just find this annoying. It's all subjective IMHO.
But what happens if someone moves the Sellotape? And more obviously, what if someone cracks on to your method? The password is right in front of them!
Actually it's not too bad because it requires physical access. At my famous Educational Establishment, there's been a recent spate of hackers using weak passwords to gain access - all from off campus. Make it strong and keep it written down somewhere secure, and you're pretty much safe from the majority of abuses. Keep it hidden innocuously in a book or a file of boring documents, rather like a file in a cake.
Which is quite easy.
But you don't even need to do that - some scanners can be fooled into accepting the latent print you leave on it. D'oh!
An authentication token that when used leaves behind all the information you need to construct a counterfeit - this is not something I want to rely on.
Biometrics is a fundamentally flawed scheme. A biometric is just a token that you can't replace (a scar on your finger? too bad), repudiate if stolen (I can lift your prints but you can't change them without pain), or use to separate privileges (difficult to use a different thumbprint at the bank, at the library, and to open your car, unless you have interesting anatomy).
As for passwords, yeah, I've gotten to the point of having to write them down. I used to use only a few passwords - my login and root password, one common for low security sites, one shared one for a few sites I cared more about, and my on-line banking. But as sites put various non-sensical restrictions on password selection ("your password must contain two digits", "your password must not use any non-alphanumeric characters", etcetera), I've had to start writing them down.
"Something you are" reduces to "something you have". "Something you know", as you have to remember more and more things to deal with dozens of systems, reduces to "something you have" (that piece of paper with all the passwords written on it). It's all about the authentication tokens.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
If you read the quote which is in your post, he says "If I write them down AND THEN PROTECT the piece of paper..."
For example, the company I work for has strict policies for protecting passwords. We must keep our computer passwords in locked cabinets or we will face minor to moderate penalties.
Abaddon: An Xbox 360 Indie game
Just pick up any dollar bill. There's already a convenient unique password made up of alphabetic and numeric characters printed in the corner. For more important passwords use $5, $20, or even the good old Madison.
So if Jackson is on the $20 bill, what do 5 Jacksons make?
Doesn't it make you feel good to know that our freedoms are protected by politicians, lawyers and journalists.
I stego my passwords on a small card that I keep with me. Someone can get the card and they don't know what the password is for, and even if they did, they don't know what's the password and what's just a "junk character".
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
There are plenty of ways to do this. For instance, you can keep the passwords on (picked at random) page 57 of a red notebook that stays locked in your drawer when you're not around, and is only out of the drawer when it's in use. You can leave clues to yourself what they mean.
For instance:
mama: no dates
The actual password, not written down, is "n0datez!" The machine this is for is the largest system you work on (big mama).
If using random strings, try to make it look like serial numbers; again the place or account to use this for should be hinted at (to you), not stated.
There are many, many ways to do this and be very secure. I once left a set of passwords and hints out in plain sight on purpose, just to see if anyone would recognize and try to crack them. They were never cracked, and I'm reasonably certain nobody even tried. They had no idea what they were seeing.
On a more practical note, back in the day when I backpacked through Europe I wanted to have a backup of important data to take with me, in case I lost my passport/bank cards/etc. However, being a paranoid freak, I did not want to write the numbers down on paper in plain text, as I would be doubly exposed - I could lose my wallet or I could lose my notebook.
So to resolve this issue I wrote the information using a simple rot-n algorithm with random keys. I wrote down all numbers (including rot-n keys, which looked just like the rest of the data) in my notebook and knew that if I had to use them, it would take me a little time but I could work it out, and if I were to lose the notebook, I could be pretty sure that no one would bother trying to make sense of a bunch of numbers written on the back cover - most likely it would just be tossed.
Obscurity combined with physical security makes things severely more difficult for a casual snooper. In the end it is a game of making the cost of figuring it out more than the desire to do so. Writing down key data, such as passwords, with a little obfuscation goes a long way.
-Em
RelevantElephants: A Somatic WebComic...
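Added example, not the commenter's own code: a small model of the notebook scheme described above. Each number is shifted digit by digit with a per-entry key (rot-n over 0-9) and the key itself is written down as part of the entry so it looks like more data. Where the key sits (the last digit here) is an assumption; the post only says the keys were mixed in with the numbers. The `candidates()` helper makes the scheme's limit explicit: only ten keys exist, so this hides data from a casual glance, not from anyone who decides to look.

```python
import secrets
from typing import List, Optional

# Added example, not the commenter's code. Key position (last digit) is an assumption.


def obfuscate(digits: str, key: Optional[int] = None) -> str:
    """Shift every digit by `key` modulo 10 and append the key as the final digit."""
    if key is None:
        key = secrets.randbelow(10)          # fresh key for every entry
    if not digits.isdigit() or not 0 <= key <= 9:
        raise ValueError("digits only; key must be a single digit 0-9")
    shifted = "".join(str((int(d) + key) % 10) for d in digits)
    return shifted + str(key)


def recover(entry: str) -> str:
    """Undo obfuscate(): the last digit is the key, the rest is the shifted number."""
    if len(entry) < 2 or not entry.isdigit():
        raise ValueError("entry must be at least two digits")
    shifted, key = entry[:-1], int(entry[-1])
    return "".join(str((int(d) - key) % 10) for d in shifted)


def candidates(entry: str) -> List[str]:
    """Every plaintext a reader who knows the layout could try. Ten keys exist,
    so this is obfuscation against a casual snooper, not encryption."""
    body = entry[:-1]
    return ["".join(str((int(d) - k) % 10) for d in body) for k in range(10)]


if __name__ == "__main__":
    # Constructed sample: a made-up account number, not a real one.
    line = obfuscate("8271430956", key=4)
    print("written in notebook:", line)
    print("recovered:          ", recover(line))
    print("keys to try:        ", len(candidates(line)))
```

The physical-security half of the commenter's argument is what carries the weight: the obfuscation only buys time against someone who has already found the notebook.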
I chose the quote from the summary because it worked best for what I wanted to point out. I did read the article (I always do, or I won't post against it)...
No biggy. I agree with your point we haven't found any scientific solution for morons yet, but that's sort of my point. If we let (as a policy) people just write passwords down, that little slice of moron-dom is the part that always bites us in the rear.
I know the article talked about securing the scrap of paper on which the password is written, stowed and secure, but my experience has been that doesn't happen. And, when combined with the policy that passwords be written down (he almost states they must be written down) -- the exposure is greatly increased.
I'm not proposing any rebuttal or solution, I've always found the more oppressive a regime, the more determined hackers are to find a way in. I've been approached many times by the security organizations where I've worked to help them with their policies (I'm pretty good at hacking) and I've always declined -- I find it a difficult universe to exist in where no matter how hard you try, there are always people out there who break what you make.
Security in computers is a losing battle. It's an extension of our social makeup and there'll always be good guys and bad guys and there'll always be breaches. I just think what the article proposes is yet another proposal, and it adds little to overall real security.
By the way, I don't think this is at all a first, seeing a post modded +5 from a poster who hasn't read the article... I've seen a number of what are fairly obvious examples of that. Used to get my dander up, too, but I've come to accept sometimes the poster may have enough credible and useful to add to the discussion without having to read the article (though, not always :-)). And, again, for the record -- I did read the article.
Good feedback.
Uh, what about the guys that are creating hashes of all the password combinations that exist in a database. They just need a couple of terabytes to do this in, and with HDs showing up as 300, 400, or even 500gb that's more practical every day. They can then just do a quick search for your password without having to crack anything.
Your 20 character password just means that they need a couple more 500gb HDs, that's all.
It wouldn't take all those years, now would it??
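Added example, not from the thread: the precomputed-digest idea in the comment above beside the salted, iterated hashing that makes such a table useless. The table is built over a constructed candidate set (every 4-digit PIN), `keyspace()` shows how many entries a complete table needs for a given alphabet and length, and `salted_hash()`/`verify()` use PBKDF2-HMAC-SHA256 with a random per-password salt so the same password never produces the same stored digest twice. `ITERATIONS` is an assumed value.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional, Tuple

# Added example, not from the thread. ITERATIONS is an assumption; tune for your hardware.
ITERATIONS = 200_000


def plain_digest(password: str) -> str:
    """Unsalted SHA-256: the same password always gives the same digest,
    which is exactly what makes a precomputed lookup table possible."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(candidates: Iterable[str]) -> Dict[str, str]:
    """Precompute digest -> password for a candidate set."""
    return {plain_digest(p): p for p in candidates}


def table_lookup(table: Dict[str, str], digest: str) -> Optional[str]:
    """Recover a password from an unsalted digest with one dictionary lookup."""
    return table.get(digest)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of entries a complete table needs for this alphabet and length."""
    return alphabet_size ** length


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 with a random per-password salt; store (salt, digest)."""
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of a freshly derived key against the stored one."""
    _, dk = salted_hash(password, salt)
    return hmac.compare_digest(dk, stored)


if __name__ == "__main__":
    # Constructed candidate set: every 4-digit PIN (10,000 entries).
    pins = [f"{i:04d}" for i in range(10_000)]
    table = build_table(pins)
    print("unsalted lookup of PIN 7391 ->", table_lookup(table, plain_digest("7391")))
    salt, dk = salted_hash("7391")
    print("salted digest differs per salt:", dk != salted_hash("7391")[1])
    print("verify correct/incorrect:", verify("7391", salt, dk), verify("7392", salt, dk))
    print("entries for 20 chars over 62 symbols:", keyspace(62, 20))
```

A table keyed on digest can only help when every system hashes the same way with no salt; once each stored digest depends on its own random salt, the precomputation has to be redone per account, and the iteration count makes each guess cost a fixed amount of work.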
I've got a system better than a biometric USB key: I use an app called "Keyring" on my Palm, and store my passwords in that.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Agreed. Sure, some crypto whiz will cut through that clutter in a day or two, but that's probably not the guy who'll lift your wallet at a ball game.
One thing I wish security systems had was some kind of "tripwire" password, i.e. the account is locked if anyone ever tries it. That way you could put the tripwire at the top of the list so if it ever did get stolen the thief would lock himself out permanently before you ever knew your wallet was gone.
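Added example, not from the thread: what the tripwire password above looks like on the server side. Each account stores a verifier for the real password and one for the tripwire; any attempt with the tripwire locks the account, records an alert for the operator, and is rejected. The lock has no self-service path, only an out-of-band `unlock()`, matching the comment's "permanently". The class and field names and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List

# Added example, not from the thread. Names and ITERATIONS are assumptions.
ITERATIONS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


@dataclass
class Account:
    salt: bytes
    real_hash: bytes
    tripwire_hash: bytes
    locked: bool = False


class AccountStore:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.alerts: List[str] = []
        self._dummy_salt = secrets.token_bytes(16)   # keeps unknown-user timing similar

    def register(self, user: str, password: str, tripwire: str) -> None:
        if password == tripwire:
            raise ValueError("tripwire must differ from the real password")
        salt = secrets.token_bytes(16)
        self.accounts[user] = Account(salt, _derive(password, salt), _derive(tripwire, salt))

    def authenticate(self, user: str, password: str) -> bool:
        acct = self.accounts.get(user)
        if acct is None:
            _derive(password, self._dummy_salt)   # same cost as a real check
            return False
        candidate = _derive(password, acct.salt)
        if hmac.compare_digest(candidate, acct.tripwire_hash):
            # Tripwire used: lock now, alert, and reject regardless of anything else.
            acct.locked = True
            self.alerts.append(f"TRIPWIRE {user}: written-down list presumed stolen; account locked")
            return False
        if acct.locked:
            return False
        return hmac.compare_digest(candidate, acct.real_hash)

    def unlock(self, user: str) -> None:
        """Only an out-of-band (administrator) path clears the lock."""
        self.accounts[user].locked = False


if __name__ == "__main__":
    store = AccountStore()
    # Constructed sample credentials for the demonstration.
    store.register("alice", "correct horse battery", "TRIPWIRE-top-of-list")
    print(store.authenticate("alice", "correct horse battery"))   # True
    print(store.authenticate("alice", "TRIPWIRE-top-of-list"))    # False, and locks
    print(store.authenticate("alice", "correct horse battery"))   # False now
    print(store.alerts)
```

The tripwire check runs before the locked check so that repeated use keeps generating alerts, which is the signal an operator wants: the list was stolen, and someone is still working through it.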
I use a similar technique, using a dollar bill. Take the serial number of a dollar bill and choose an offset between 1 and 4. Type in each character of the serial number, pressing the shift key for every character that is a multiple of the offset (every third character, for example). This way, you have the password "written down," but it is stored in an inconspicuous manner that will not be recognized or compromised if you lose your wallet. Obviously, don't lose/spend that bill :)
Yes; this is in our corporate information security policies, along with the suggestion that users use memorable song lyrics as the source pass phrase. Most users like that system, as it becomes fun to think up a new password.
14ckwbwtdbwb = Fourteen cannibal kings / wondering blindly what the dinner bell will bring
For a root system password, you may want an even longer password, both for cryptographic security where cryptographic systems support > 8 characters, and more importantly to discourage the use of the root system account by administrators when tools like sudo make its use unnecessary.
ItastD,DIgtiop,lttuatt,wyesok? = I turned and said to Dan, "Dan I guess this is our prime / like they tell us all the time / were you expecting some other kind?"
It's difficult to forget that password, but even in the event you do forget it, there's a strong possibility you'll remember enough to Google-up the answer. And I guarantee administrators will more frequently use (rules-driven, command-logged) sudo when the alternative is a 35-character root password.
- James
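Added example, not the commenter's code: a function that builds the lyric-acronym password the comment above describes, checked against both of its examples. The rule as the two examples show it: first letter of each word, number words become digits ("Fourteen" to "14"), punctuation that follows a word is kept, and the "/" line breaks are either dropped (first example) or written as commas (second example), so the separator is a parameter. `NUMBER_WORDS` is a small constructed map.

```python
import re

# Added example, not the commenter's code. NUMBER_WORDS is a constructed map.
NUMBER_WORDS = {
    "one": "1", "two": "2", "three": "3", "four": "4", "five": "5", "six": "6",
    "seven": "7", "eight": "8", "nine": "9", "ten": "10", "eleven": "11",
    "twelve": "12", "thirteen": "13", "fourteen": "14", "fifteen": "15",
    "twenty": "20", "hundred": "100",
}
_WORD = re.compile(r"^([A-Za-z0-9]+)([,.;:!?]*)")


def passphrase_acronym(phrase: str, line_break: str = ",") -> str:
    """First letter of every word (number words become digits), keeping the
    punctuation that follows a word; '/' line breaks are written as line_break."""
    out = []
    for token in phrase.split():
        if token == "/":
            out.append(line_break)
            continue
        match = _WORD.match(token.strip("\"'()[]"))   # drop surrounding quotes/brackets
        if match is None:
            continue
        word, punct = match.group(1), match.group(2)
        out.append(NUMBER_WORDS.get(word.lower(), word[0]))
        out.append(punct)
    return "".join(out)


if __name__ == "__main__":
    print(passphrase_acronym(
        "Fourteen cannibal kings / wondering blindly what the dinner bell will bring",
        line_break=""))
    print(passphrase_acronym(
        'I turned and said to Dan, "Dan I guess this is our prime / '
        'like they tell us all the time / were you expecting some other kind?"'))
```

Keeping the commas and question mark is what pushes the root example past the letters-only alphabet; the length comes from the lyric, the symbol set from its punctuation.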