Writing Down Passwords?

← Back to Stories (view on slashdot.org)

Posted by Cliff on Wednesday June 8, 2005 @09:40AM from the would-you-write-down-your-safe's-combination dept.

Atryn wonders: "I was recently checking for the latest firmware for a Netgear router when I decided to click on their Guide to Internet Security where it states: 'Contrary to much 'expert' advice, there is very little risk writing down passwords. In fact, years from now you may discover you need them to access old files.' I'm wondering what Slashdot thinks of Netgear's recommendation." Update: 06/08 21:19 GMT by T : Reader 654043 reminds us of the Microsoft recommendation to write down passwords which ran a few weeks back, and which has some pretty sound reasoning behind it.

10 of 428 comments (clear)

Min score:

Reason:

Sort:

Re:recommendations? by cursion · 2005-06-08 09:44 · Score: 5, Insightful

I've got this thing called a spiral bound notebook...

--
remember when it was {of|for|by} the people?
Re:Google groups by Janitha · 2005-06-08 09:47 · Score: 4, Interesting

Ive actually done that... should I be shot? Not plain text of course, simply use a word shift encryption which can be easily deciphered by hand. I posted all my current passwords like that and it has come in handy quite a bit. (I also have posted same list on slashdot comments)
Could be by Have+Blue · 2005-06-08 09:50 · Score: 4, Insightful

Well, how good is your physical security?. If the system will be accessed from an environment where there are likely to be unauthorized people wandering around all the time (large office, public area, etc), then don't write it down. If the system will be accessed from a place that only people you trust have access to (home), then it's not a danger- and if your home is ever compromised, having your router password in plain sight is the least of your worries.
Jon Udell: Simple single sign-on by otisg · 2005-06-08 09:54 · Score: 4, Interesting

See Jon Udell's
Simple single sign-on article from May 2005:

It points out a few simple solutions that will solve many people's problems.

--
Simpy
Like anything else by wowbagger · 2005-06-08 09:57 · Score: 5, Insightful

The security of writing down passwords depends upon the security of the paper they are written upon.

If you have a router/firewall on your Internet connection, and you write the password(s) to the router on a piece of paper taped to the router, then you are not really reducing your security - if the bad guys are in the room reading the password you are already in trouble.

However, if you write your workstation password down on a piece of paper under your keyboard, and other people can reasonably be expected to have access to your office, then you are greatly reducing your security. If, on the other hand, you have your password written down on a piece of paper you keep in your wallet, then the reduction in security is fairly minimal - especially if there is nothing in your wallet that would lead the bad guys to your workstation.

--
www.eFax.com are spammers
Get a keyring by 26199 · 2005-06-08 09:59 · Score: 4, Informative

A real, physical, password keyring. ThinkGeek has some rather expensive ones, but they'll definitely do the job. I have one of the earlier (cheaper) keyrings from the same company, and it's wonderful. I have strong passwords, I don't have to worry about forgetting them, and they're secure.
Re:recommendations? by rjelks · 2005-06-08 10:04 · Score: 4, Funny

It's a good idea to hide passwords that you've written on paper - but you don't need a safe. Just stick it to the bottom of the keyboard like I do. No one will every find it there.

--

Tech News, Reviews and Tutorials
Re:recommendations? by nizo · 2005-06-08 10:15 · Score: 5, Interesting

Becoming tired of remembering passwords, I wrote a little perl program to randomly generate a matrix like this:

a-E9 b-?p c-&m
d-6K e-aY f-eP
g-!S h-gn i-D=
j-Hd k-vw l-Cb
m-W5 n-4$ o-R3
p-x% q-7M r-NF
s-+2 t-s* u-Ay
v-fL w-zG x-Zu
y-cX z-Qr

I then print this, laminate it, and put it in my wallet (a backup copy somewhere isn't a bad idea either). Then, for every password I just remember a word (maybe "bank" for my bank for example) which gives me a password of: ?pE94$vw
Hard to guess, easy for me to "remember". If someone gets my paper (say I lose my wallet), it is still not simple to figure out what my passwords are, or even what the heck that little paper is. Shoulder surfing doesn't work too well either, unless you can memorize the whole card and then figure out which word I am using (it would be easier to try to watch me type the password on the keyboard then get it off the paper. Luckily I type fast and get annoyed when people stand over me while I type a password :-) ).

--
I Am My Own Worst Enemy
Re:recommendations? by bnardone · 2005-06-08 11:53 · Score: 5, Funny

I thought what he had posted was the Perl script.
Coincidentally... by Skjellifetti · 2005-06-08 15:14 · Score: 4, Funny

I'm sitting here reading /. because I fucking can't remember the fucking root password to a server that I'm supposed to administer as a favor to a friend. I changed it two months ago, haven't needed to get on the fucking machine since and now, when I need to fix it, I can't remember what the fuck I changed it to. And no, I can't just stick a rescue boot disk in because I don't know what fucking city the server is in.

Note to self: Next time, write down the fucking password and put it in the fucking file cabinet.

Note to poster: Did you ask this fucking question just to fuck with my mind or was it pure coincidence?

--
FreeSpeech.org