
Ask Slashdot: How To Protect Your Passwords From Amnesia?

Soulskill posted about 9 months ago | from the train-a-friendly-dolphin-to-use-KeePass dept.

Security 381

Phopojijo writes "You can encrypt your password library using a client-side manager or encrypted file container. You could practice your password every day, keep no written record, and do everything else right. You then go in for a serious operation or get in a terrible accident and, when you wake up, suffer severe memory loss. Slashdot readers, what do you consider an acceptable trade-off between proper security and preventing a data-loss catastrophe? I will leave some details and assumptions up to interpretation (budget, whether you have friends or co-workers to rely on, whether your solution will defend against the Government, chance of success, and so forth). For instance, would you split your master password in pieces and pay an attorney to contact you with a piece of it in case of emergency? Would you get a safe deposit box? Some biometric device? Leave the password with your husband, wife, or significant other? What can Slashdot come up with?"


Secure safe. (5, Funny)

Anonymous Coward | about 9 months ago | (#45896111)

Tell all your passwords to me, they'll be safe. Just don't forget who I am.

Re:Secure safe. (4, Funny)

wonkey_monkey (2592601) | about 9 months ago | (#45896335)

Like that'll ever happen. You post here all the damn time.

Just post it on Slashdot (5, Funny)

michelcolman (1208008) | about 9 months ago | (#45896113)

And then, whenever you need your password, just "ask Slashdot"! Of course there will then be some jokers who post incorrect passwords, but they will be modded down rapidly since anyone can check whether the password is correct or not. Just go with the "+5 informative" one.

Re:Just post it on Slashdot (0)

Anonymous Coward | about 9 months ago | (#45896281)

Alas, the jokers have modpoints too, you know.

Re:Just post it on Slashdot (4, Funny)

master5o1 (1068594) | about 9 months ago | (#45896333)

Remember, posting your password on the internet [bash.org] will show the password to you as your password, but others will see it as stars.

See, look at my password ************

So now if I get amnesia all I have to do is come back and check my comment history and I'll find my password.

Re:Just post it on Slashdot (1)

Thanshin (1188877) | about 9 months ago | (#45896421)

Michel! ffs man! I've been trying to contact you since your accident!

Your password is "LargeAndInCharge69". I hope you recover all your data.

Re:Just post it on Slashdot (1)

HyperQuantum (1032422) | about 9 months ago | (#45896509)

hunter2

Paranoid much? (2, Funny)

Anonymous Coward | about 9 months ago | (#45896115)

Amnesia is most often associated with major brain damage, which means you have a lot more to worry about than your passwords. Now zombies, those are real, which is why I'm holed up here in the middle of Nebraska with enough ammo to put the entire state out. You hear that zombies, you'll never take me alive!

Re:Paranoid much? (1)

Anonymous Coward | about 9 months ago | (#45896195)

We were not planning to take you alive - maybe undead, but not alive.

Re:Paranoid much? (3, Insightful)

stranger_to_himself (1132241) | about 9 months ago | (#45896269)

Amnesia is most often associated with major brain damage, which means you have a lot more to worry about than your passwords.

Also with ageing - not just in dementia. My parents in their 60s/70s both struggle with remembering secure passwords.

A piece of paper in a drawer (2, Funny)

captainpanic (1173915) | about 9 months ago | (#45896123)

For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security of my passwords then relies on the security guards at the gate.

For my personal passwords, I rely on security through obscurity: I don't believe that anyone can find my passwords in the giant mess that I call my office. If I get sick, I can use the recovery time to clean up my office. It will take weeks, if not months.

Btw, I don't need a terrible accident to forget passwords. It happens a lot for those passwords that I don't need too often.

Re:A piece of paper in a drawer (3, Interesting)

txoof (553270) | about 9 months ago | (#45896165)

A trusted executor is really the way to go here. Store the passwords in an encrypted format and then give the key to a trusted party that will only unseal the encrypted database in the event that you are incapacitated. For added security, split the key into multiple parts and give it to multiple parties. It would probably be best to transport the key in a physical format and make clear the importance of the document.

In a work place setting, give the keys to supervisors that are mutually responsible for the systems in question. In a personal setting, give the keys to family members that are trusted. Be sure to provide step-by-step instructions as to how to decrypt your data. If you are so unfortunate to not have trusted family or friends, pay a law firm to administrate this service and act as your executor. For a fee, the law firm can be instructed to only unseal the data in the event that certain standards are met (such as a declaration of incompetence by N medical professionals).

Re:A piece of paper in a drawer (2)

Zachary Kessin (1372) | about 9 months ago | (#45896197)

I would probably give a master password and a copy of my password safe to my lawyer, along with my will and other legal paperwork that she should have just in case something should happen to me.

Re:A piece of paper in a drawer (1)

Anonymous Coward | about 9 months ago | (#45896319)

In a personal setting, give the keys to family members that are trusted.

Better yet, use secret sharing so for example, any 5 out of 10 of your family members can recover the password: http://point-at-infinity.org/ssss/

Re:A piece of paper in a drawer (2, Informative)

Anonymous Coward | about 9 months ago | (#45896179)

For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security of my passwords then relies on the security guards at the gate.

This is the way to go.
The first question you should ask yourself is, if someone has physical access to my computer, do I care if they also have my passwords. If not then a post-it on the monitor will work just fine.
Otherwise you should ask yourself, do I have any physical place where someone finding out my passwords would be the least of my concerns? If you have a place like that, store your passwords there.
As long as you don't store what the passwords are for together with the passwords some random stranger getting hold of your passwords won't be that much of a problem anyway.

Re:A piece of paper in a drawer (5, Funny)

ifiwereasculptor (1870574) | about 9 months ago | (#45896473)

do I have any physical place where someone finding out my passwords would be the least of my concerns? If you have a place like that, store your passwords there.

You just gave me the best idea ever: tattoo your passwords on your penis. The chance of losing it is small when compared to the chances of losing a notebook or piece of paper, it's a private location and chances are social engineering industrial espionage attempts will have to get pretty interesting. I can see only two minor problems with my plan: first, you might not be able to fit strong passwords in there. If you end up only being able to fit easy to brute force passwords, I suggest you use the old piece of paper method, and maybe a pump. Second, your work may be one of those that use five or six different systems, all with different passwords, and rotate them on a monthly basis. You can still stick with the idea, but oh, boy, you're going to be sore.

Re:A piece of paper in a drawer (5, Interesting)

Anonymous Coward | about 9 months ago | (#45896247)

For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security of my passwords then relies on the security guards at the gate...

Your boss does not have "every right" to know your password at work any more than any other employee has a "right" to know it. You are an IT Security person's worst nightmare with that bullshit argument, especially if you have even a fucking hint of how Windows security works, and know damn well that in any emergency, most any member of your IT staff can reset any password upon following proper HR and IT policy, which is your audit trail as well for CYA.

Work passwords pretty much for the most part do NOT need to be stored offline in any way for this very obvious reason, and by relying upon the security guards, you've basically destroyed any point in having any sort of strong password policy.

Like I said, you're an IT Security person's worst nightmare. Knock it off with that shit already, and use common sense.

Re:A piece of paper in a drawer (1)

Infestedkudzu (2557914) | about 9 months ago | (#45896261)

mod +1 accurate

Re:A piece of paper in a drawer (0)

Anonymous Coward | about 9 months ago | (#45896403)

+1 People that do this, are exactly how Snowden was able to evade detection. Seriously it is not that difficult to not share passwords with anyone.

Re:A piece of paper in a drawer (4, Insightful)

pspahn (1175617) | about 9 months ago | (#45896493)

I know that it might seem obtuse, but there are in fact companies out there that don't even have an IT department and chances are the "IT system" is just a bunch of random machines doing random things and password resetting isn't a practical option.

Re:A piece of paper in a drawer (5, Informative)

aaribaud (585182) | about 9 months ago | (#45896331)

For work-related passwords, my boss has every right to know my passwords if I get sick

Hmm, no, he has every right to access your professional data for sure, but this does not necessarily require him to know your passwords. Back when I was doing IT for a 25-odd people company, I'd briefed people that their password was like their signature: personal, and if some manager asked them their password, they should redirect the manager to me (happened a few times, each time the request was baseless and rejected, and when there was an actual problem, it was solved without anyone having to let anyone else know their password). Heck, I'd briefed everybody never to tell me their password.

Re:Don't need even that (2, Informative)

Anonymous Coward | about 9 months ago | (#45896373)

Everyone forgets passwords once in a while.
Personal Passwords? Most of them can be reset. That is, if that email address still exists. Otherwise it probably wasn't important enough anyway.
Job passwords? Can be reset
Government related passwords (like DigiD in the Netherlands)? Reset it online and they'll send you a reset code via ye olde mail
My girlfriend suffered from a cerebral hemorrhage a couple of years ago.
Trying to get a new bank pass (she also forgot her PIN) was way more difficult than online stuff recovery.

Re:A piece of paper in a drawer (4, Insightful)

pla (258480) | about 9 months ago | (#45896383)

For work-related passwords, my boss has every right to know my passwords if I get sick.

Absolutely not. Your employer has every right to reset your work-related passwords to gain access to your machine - An easily detected, even auditable, event that proves "you" didn't try to bribe a Central American dictator to use your company's brand of widgets (or bullets, as appropriate).

Now, for truly shared company passwords like a corporate Twitter account, you should already have a key escrow plan set up - That might mean a formal third-party service, or something as simple as the old trick of writing it on a note-card, sealing the note-card in an envelope, and signing across the flap. Store envelope in a secure area.

Don't confuse those two situations.

Re:A piece of paper in a drawer (3, Insightful)

DarkOx (621550) | about 9 months ago | (#45896441)

For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security of my passwords then relies on the security guards at the gate.

Disagree.

Your boss has every right to possess credentials himself capable of resetting or changing your password to something he knows; should a need arise. He should not however have your password. This is an audit and separation of powers issue. Being able to reset your password is fine, that should result in a log, of what account was reset and what account did the resetting. If it was root, who sudo'ed to root, etc. Can someone with administrative access still tamper with logs? Yes; but it raises the bar and makes it harder to cover their tracks from forensic examination if something happens.

Account credentials should not be shared for accountability reasons, even with the boss.

Re:A piece of paper in a drawer (0)

Anonymous Coward | about 9 months ago | (#45896475)

No.

For work related passwords your boss has every right to have an account with equal or greater privilege. Your boss has no right to your account.

If you want to know who did what, then if your boss has the ability to use your account, then there is no ability to audit, verify, trace, etc.

Re:A piece of paper in a drawer (1)

140Mandak262Jamuna (970587) | about 9 months ago | (#45896517)

For work-related passwords, my boss has every right to know my passwords if I get sick.

Access to the work related accounts should not depend on cooperation from the employee. Trust employees to be gruntled but have contingency plans for the !gruntled too. And incapacitated, and the inaccessible as well.

My boss can simply ask the sys admin to change the password of accounts on servers controlled by my employer. I don't ask my staff to reveal their passwords to me, and when they leave or get fired, it is standard ops to reset their passwords, archive the $home and give me access to those files.

But increasingly some of the work is getting outsourced. For example webex accounts are not authenticated by our servers. But still, our IT has higher level access to their tech support and my employer can get access to my work related external accounts too. I wonder how they stop the access if/when employees leave. Something to check up with IT.

"I forgot my password" functions (0)

Sockatume (732728) | about 9 months ago | (#45896125)

Figure out how you can recover your password for every service and system you use, at the time when you first set up the account

1) You have every chance of just plain forgetting the password in the first place.
2) It's your way to recover your account if it's compromised.
3) It's a potential vulnerability in the first place.
4) It's almost impossible to figure out how you have things set up if you didn't sit down and lay things out properly in the beginning

If all your accounts send their password recovery emails to the same Gmail account, and that account doesn't have TFA, or it has TFA and you've never bothered to print off the master codes, you're saving yourself very little effort in exchange for the distinct possibility of completely screwing yourself over at a later date.

Re:"I forgot my password" functions (1)

fph il quozientatore (971015) | about 9 months ago | (#45896237)

Figure out how you can recover your password for every service and system you use, at the time when you first set up the account

Full disk encryption says hi.

Re:"I forgot my password" functions (1)

Rosco P. Coltrane (209368) | about 9 months ago | (#45896255)

Full disk encryption says hi.

Software deprecation says hi too: have you ever tried to read a cryptoloop-encrypted volume with a recent Linux kernel? Good luck with that.

Basic Master Password stored on a piece of paper (1)

Anonymous Coward | about 9 months ago | (#45896139)

I have a master password which I then encode with a simple cypher of adding letters together. e.g. A + B = D.

I then get a sentence from a book/movie etc and essentially add these together:
myveryspecialpasswordisawesome
ALLYOURBASEAREBELONGTOUS

I then just stored the encoded version on a piece of paper around the house for example with a hint?
adsfaudfjuasdfjadsufadsfjadsfdsaf, Air force ....?

Re:Basic Master Password stored on a piece of pape (0)

Anonymous Coward | about 9 months ago | (#45896317)

Hints are nice, but also problematic: If they are too obvious, others can easily figure out the password. If they are too cryptic, you may later not be able to make sense of them yourself (happened to me, actually).

Re:Basic Master Password stored on a piece of pape (2)

Joce640k (829181) | about 9 months ago | (#45896433)

I have a master password which I then encode with a simple cypher of adding letters together. e.g. A + B = D.

I then get a sentence from a book/movie etc and essentially add these together:
myveryspecialpasswordisawesome
ALLYOURBASEAREBELONGTOUS

I then just stored the encoded version on a piece of paper around the house for example with a hint?
adsfaudfjuasdfjadsufadsfjadsfdsaf, Air force ....?

F.

The stated problem was: "Amnesia".

You appear to have answered a completely different problem.

My passwords do not... (1, Funny)

jw3 (99683) | about 9 months ago | (#45896151)

...suffer from amnesia. Passwords generally don't, so I would not worry about that particular problem.

And now excuse me, I need to water my keyboard.

Do what Jason Bourne did (4, Informative)

wisebabo (638845) | about 9 months ago | (#45896153)

Tattoo your safe deposit bank number (the bank of which required your biometric identity to get into the vault) on your arm. Maybe you should also tattoo the name of the bank (and address?) there, I seem to remember that he had problems remembering he had a safe deposit box there.

Re:Do what Jason Bourne did (1)

Joce640k (829181) | about 9 months ago | (#45896391)

Tattoo your safe deposit bank number (the bank of which required your biometric identity to get into the vault) on your arm. Maybe you should also tattoo the name of the bank (and address?) there,

...and then never wear short sleeves in public or go swimming for the rest of your life.

Re:Do what Jason Bourne did (0)

Anonymous Coward | about 9 months ago | (#45896399)

Save a plain .txt file in a micro SD card, then cut open a slit between your skull and scalp and insert the micro SD card in there.
Take Spectinomycin for 10 days and then get a wig until your hair grows back.

Nice try (5, Insightful)

sc0rpi0n (63816) | about 9 months ago | (#45896159)

Nice try, NSA!

Hire a lawyer (0)

Anonymous Coward | about 9 months ago | (#45896167)

Store your passwords that are that important with a lawyer. That's what they're there for.

Re:Hire a lawyer (4, Insightful)

Rosco P. Coltrane (209368) | about 9 months ago | (#45896239)

I'd rather give my password to a Russian hacker than to a lawyer. The former is probably more trustworthy...

Re:Hire a lawyer (0)

Anonymous Coward | about 9 months ago | (#45896341)

I thought that's what a notary is for.

Sealed Envelope (2, Informative)

Anonymous Coward | about 9 months ago | (#45896173)

IIRC, Nemeth, Hein, Snyder, and Whaley suggest a sealed envelope in a safe (or locked away in a safe place). As soon as the seal's broken, you know that the person(s) who know(s) the combination/has the key indeed needed access to the password (in an emergency), so you may want to change the password in the future.

Re:Sealed Envelope (1)

Joce640k (829181) | about 9 months ago | (#45896457)

Put it in a box with a one-time lock (can only be locked once, yes, they exist...).

That way you can tell if anybody else has ever opened it.

Lock it in an ordinary safe then drill a hole through the key and get a jeweller to fit an engraved metal ring through the hole. The only way to use the key is to break the ring. Or lock it in the safe then cover the key with sealing wax and sign it (no, they're not 100% foolproof but they're probably good enough).

encrypted with master password known to my wife (0)

Anonymous Coward | about 9 months ago | (#45896175)

My password list is encrypted with a master password.
My wife knows the master password
In case that she has amnesia too, the master password is tied to an event in my life. When I (or somebody else) can remember that event I can regenerate the master password.

Keep it on a piece of paper (1)

MindPrison (864299) | about 9 months ago | (#45896181)

It's generally wiser to keep passwords inside the head rather than on a file - encrypted or otherwise. But if you can't do that, keep it on a piece of paper, and if you're worried about others seeing your paper, well, lock it up somewhere safe, and if you're truly paranoid, you could always write your password with a system that only you know...example: if your password would be 15821e2a you could write 26932f3b instead, and only YOU know that you only shifted the numbers and characters one number ahead, you could do this to each second character in your code, or according to your own system. Your brain is the limit!

Re:Keep it on a piece of paper (2)

Joce640k (829181) | about 9 months ago | (#45896193)

Your brain is the limit!

Sure, unless you wake up with memory loss (it can happen, it seems you forgot the words of the summary while you were writing that!!)

Re:Keep it on a piece of paper (1)

MindPrison (864299) | about 9 months ago | (#45896233)

I know, it has actually happened to me ;) Once, I was on my way to a convention to purchase some electronic components, and I've actually forgotten my VISA pin-code. It was so silly, I've NEVER forgotten that code before, I used it on a daily basis and couldn't for the life of me understand why it was gone. Then I had a system (which I fortunately remembered), how I actually made up those numbers in the first place, and that could re-generate that code for me. But of course, if I had TOTAL amnesia, then I'd have very different problems than just remembering a few passwords.

Re:Keep it on a piece of paper (1)

Rosco P. Coltrane (209368) | about 9 months ago | (#45896231)

keep passwords inside the head rather than on a file - encrypted or otherwise. But if you can't do that, keep it on a piece of paper, and if you're worried about others seeing your paper, well, lock it up somewhere safe

Let's see: in a safe with a combination lock perhaps?

Re:Keep it on a piece of paper (1)

MindPrison (864299) | about 9 months ago | (#45896337)

keep passwords inside the head rather than on a file - encrypted or otherwise. But if you can't do that, keep it on a piece of paper, and if you're worried about others seeing your paper, well, lock it up somewhere safe

Let's see: in a safe with a combination lock perhaps?

I just use a key.

Re:Keep it on a piece of paper (0)

Anonymous Coward | about 9 months ago | (#45896363)

Sure. After all, if you forget the combination, you can still use a welding torch to open it.

Re:Keep it on a piece of paper (1)

gsslay (807818) | about 9 months ago | (#45896279)

Isn't the whole point of the OP's question that you don't know you shifted the numbers and characters?

Same applies if you need others to access the password in the event of your death. They need to be in on the secret too.

Use mooltipass (5, Interesting)

Mathieu Stephan (2892907) | about 9 months ago | (#45896183)

At Hackaday we're actually developing a solution that could work in your case. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating and storing long and complex random passwords for the different websites you use daily. It is designed to be as small as possible so it can fit in your pocket. The Mooltipass is composed of one main device and a smartcard. On the device are stored your AES-256 encrypted passwords. The smartcard is a read protected EEPROM that needs a PIN code to unlock its contents (AES-256 key + a few websites credentials). As with your credit card, too many tries will permanently lock the smart card. Therefore, you'd only need to share your PIN code with your husband/wife (5 to 6 numbers) And the whole project is open source.... http://hackaday.com/tag/developed-on-hackaday/ [hackaday.com]

Re:Use mooltipass (1)

Custard Horse (1527495) | about 9 months ago | (#45896389)

Therefore, you'd only need to share your PIN code with your husband/wife (5 to 6 numbers)

Husband/wife? This is slashdot you know...

Just Use Post it notes (1)

PsyMan (2702529) | about 9 months ago | (#45896185)

Write them all on post it notes and stick them to the edge of your monitor. Seems to work for all of the managers where I work.

It's not a bug, it's a feature! (1)

ArsenneLupin (766289) | about 9 months ago | (#45896189)

Suppose you did indeed have an amnesia-proof password store. And then you get into a situation where you are scared to death (jackbooted thugs breaking into your house in the middle of the night, drag you off to some scary Cuban shore, ...) and you are so frightened by the ordeal that you forget your valuable passwords. So fine so good. But then there's your amnesia-proof solution, which brings your memories back. oops.

Re:It's not a bug, it's a feature! (0)

Anonymous Coward | about 9 months ago | (#45896217)

This is the kind of drek that gets posted on a "tech site" these days.

Re:It's not a bug, it's a feature! (1)

Joce640k (829181) | about 9 months ago | (#45896465)

Suppose you did indeed have an amnesia-proof password store. And then you get into a situation where you are scared to death (jackbooted thugs breaking into your house in the middle of the night, drag you off to some scary Cuban shore, ...) and you are so frightened by the ordeal that you forget your valuable passwords. So fine so good. But then there's your amnesia-proof solution, which brings your memories back. oops.

They're going to drag you off to Cuba to get your Facebook password?

Just (0)

Anonymous Coward | about 9 months ago | (#45896205)

write down some of the letters/numbers, enough to trigger your memory of the whole password but not enough for anyone to know what it could possibly be.

Why is "forgetting" such a problem apparently? (2)

Rosco P. Coltrane (209368) | about 9 months ago | (#45896209)

It's very easy to create unique passwords that are hard to guess, and completely trivial to remember. My method is this:

- I have 4 "stems" that are the first letters of 4 lines of poetry I remember from school. One stem is used for "very personal" things (ssh private key passwords for instance), another for login on "trusted" machines (my servers), and a third to use on various websites I trust moderately, and a fourth is a "junk" stem to use on shite websites (hotmail and the likes).

- To each stem, I append 2 digits (always the same)

- I prefix each stem with the first 3 letters of my username, and I append the 3 first letters of the machine's name, or website name I'm logging onto, after the digits.

- Finally, I append the number of letters in the machine name or website name (sans www. or .com).

The passwords that I create that way are reasonably secure, usually unique, and all I have to remember is a poem, my username for a particular machine/website (those I can store somewhere in plain text just in case) and the method to derive the corresponding password.

I have kajillions of passwords, and zero trouble remembering them. How hard can it be? I've never felt the need for a password storage solution of any kind.

Re:Why is "forgetting" such a problem apparently? (1)

cascadingstylesheet (140919) | about 9 months ago | (#45896241)

It's very easy to create unique passwords that are hard to guess, and completely trivial to remember. My method is this:

- I have 4 "stems" that are the first letters of 4 lines of poetry I remember from school. One stem is used for "very personal" things (ssh private key passwords for instance), another for login on "trusted" machines (my servers), and a third to use on various websites I trust moderately, and a fourth is a "junk" stem to use on shite websites (hotmail and the likes).

- To each stem, I append 2 digits (always the same)

- I prefix each stem with the first 3 letters of my username, and I append the 3 first letters of the machine's name, or website name I'm logging onto, after the digits.

- Finally, I append the number of letters in the machine name or website name (sans www. or .com).

The passwords that I create that way are reasonably secure, usually unique, and all I have to remember is a poem, my username for a particular machine/website (those I can store somewhere in plain text just in case) and the method to derive the corresponding password.

I have kajillions of passwords, and zero trouble remembering them. How hard can it be? I've never felt the need for a password storage solution of any kind.

Hey, that's great ... {scribble} ... what was that middle one again?

Re:Why is "forgetting" such a problem apparently? (4, Insightful)

OolimPhon (1120895) | about 9 months ago | (#45896265)

"All I have to remember is a poem".

This won't necessarily work if you have amnesia! Poem? What do I need a poem for? And all that stem/prefix/append process, if you have amnesia, what's that all about?

If your passwords, and your password generating method, are kept solely inside your head, then that is a single point of failure. Fall off a bike and it may be gone. For ever. The point is to be able to somehow reconstruct your passwords if you can't remember!

Re:Why is "forgetting" such a problem apparently? (1)

Rosco P. Coltrane (209368) | about 9 months ago | (#45896303)

The point is, I've used that poem and that method for so many years, and it's such a simple system, that it might be the one thing I'll remember first if I have amnesia.

But you're right, at the end of the day, you have to choose between a single point of failure in your head or outside your head. I think the odds of compromising your passwords because your trusted relative, friend, attorney... wasn't so trustworthy or careful is far greater than having amnesia.

Re:Why is "forgetting" such a problem apparently? (0)

Anonymous Coward | about 9 months ago | (#45896405)

This is all very well, but then if you have to change each password every month and you cannot have the same password for the last 6 months or a similar password - it must be 50-75% different to previous 6 passwords.

Write them down (0)

Anonymous Coward | about 9 months ago | (#45896229)

I write down all my personal passwords. I know people say not to do this, but if they have physical access to your home then you are already screwed.

Re:Write them down (1)

CFBMoo1 (157453) | about 9 months ago | (#45896385)

A lot of people want to use electronic stores for passwords on their computers. I think that is more dangerous given how connected machines are these days than a piece of paper that can't be hacked in to electronically from a remote connection. Paper is the best way to keep them so long as the paper is out of sight and locked away when not in use.

I did something really clever (3, Funny)

Chrisq (894406) | about 9 months ago | (#45896235)

I did something really clever with my password list .... I'm darned if I can remember what though.

Re:I did something really clever (0)

Anonymous Coward | about 9 months ago | (#45896305)

I did something really clever with my password list .... I'm darned if I can remember what though.

You emailed the list to me for safekeeping. Just send $10,000 (plus shipping and handling) to my paypal account, and I'll send it right back to you!

Re:I did something really clever (4, Funny)

Chrisq (894406) | about 9 months ago | (#45896329)

I did something really clever with my password list .... I'm darned if I can remember what though.

You emailed the list to me for safekeeping. Just send $10,000 (plus shipping and handling) to my paypal account, and I'll send it right back to you!

Sure ... just tell me my paypal password first, I can't remember it!

Republican answer (3, Funny)

korbulon (2792438) | about 9 months ago | (#45896245)

Try not getting amnesia in the first place! Whore!

Always wear a helmet (1)

indivisible (1530619) | about 9 months ago | (#45896251)

Always wear a helmet

Use PwdHash (1)

sgtpep (3490461) | about 9 months ago | (#45896263)

Remember only one password and encode it into multiple unique passwords per website using PwdHash (browser add-ons are recommended).

Re:Use PwdHash (1)

Overzeetop (214511) | about 9 months ago | (#45896503)

How do you remember the master password? Let's skip amnesia (which may not be total, but would almost certainly include forgetting a password) and just assume you're dead.
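A sketch of the kind of derivation the PwdHash suggestion above relies on, added here as an example and not part of any comment: it is not PwdHash's actual algorithm. The PBKDF2 work factor, the 16-character policy and the `counter` parameter (for sites that force periodic changes) are assumptions of this sketch, and the inputs in the demo are constructed.

```python
import hashlib
import hmac
import string

# Assumed output policy for this sketch: 16 characters, at least one of each class.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*")
ALPHABET = "".join(CLASSES)
LENGTH = 16
ITERATIONS = 200_000  # PBKDF2 work factor; slows guessing of the master password


def _keystream(key: bytes):
    """Yield an endless deterministic byte stream from HMAC-SHA256 in counter mode."""
    block = 0
    while True:
        yield from hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1


def site_password(master: str, domain: str, counter: int = 1) -> str:
    """Derive the password for one site; bump `counter` when the site forces a change."""
    domain = domain.strip().lower().rstrip(".")
    if not master or not domain or counter < 1:
        raise ValueError("need a master password, a domain and a counter >= 1")
    salt = f"{domain}\x00{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    limit = 256 - 256 % len(ALPHABET)  # reject bytes >= limit to avoid modulo bias
    chars = []
    for byte in _keystream(key):
        if byte >= limit:
            continue
        chars.append(ALPHABET[byte % len(ALPHABET)])
        if len(chars) == LENGTH:
            candidate = "".join(chars)
            # Accept only if every character class is present; otherwise draw again.
            if all(any(c in cls for c in candidate) for cls in CLASSES):
                return candidate
            chars = []


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for site, n in (("slashdot.org", 1), ("slashdot.org", 2), ("example.com", 1)):
        print(site, n, site_password("correct horse battery staple", site, n))
```

Nothing is stored, so the master password and the per-site counters are the only items that need an offline backup; losing the master password still loses every derived password.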

What use with amnesia? (1)

gnasher719 (869701) | about 9 months ago | (#45896267)

Passwords are of no use if you have amnesia, because you don't have a clue what they are for.

But with any security question, there are always events where you say "if X happens, then you have lost and there is no point in trying to mitigate". For example, if people break into your house willing to beat you up for your passwords and kill you if you don't give them out, then you have lost.

Write your private passwords on paper, hide them somewhere in your house, if you want deposit a copy at your work place in case the house burns down (if you have a work place with your own desk that can hold private stuff), and lay off the paranoia.

I do not discuss matters of security (1)

gsslay (807818) | about 9 months ago | (#45896271)

I have a solution for this scenario, and equally for my sudden death.

Can't tell you what it is, obviously, as that would compromise it. Not much help, I know. But that's how security works.

Re:I do not discuss matters of security (0)

Anonymous Coward | about 9 months ago | (#45896327)

I have a solution for this scenario, and equally for my sudden death.

Can't tell you what it is, obviously, as that would compromise it. Not much help, I know. But that's how security works.

Actually, that "security through obscurity" approach is exactly how security does NOT work :-)

Depends upon the situation ... (1)

MacTO (1161105) | about 9 months ago | (#45896283)

In the case of my employer, I got lucky: the administrative passwords were placed in a signed and sealed envelope in case anything critical happened. It worked because they knew how to handle confidential data and acknowledged that I was the only one who should have access to those passwords (unless something critical happened).

In the case of important personal passwords (e.g. financial institutions), you could write it down and place it in a safe. You're letting the bank handle the security in that case, and it is physical security, so there is a lot less to worry about in that case.

For the most part though, my personal passwords are not a huge concern. Passwords for sites like Slashdot can be recorded non-securely, or not recorded and forgotten, without significant consequence. (My choice is to not record and risk forgetting. Other people may stick them in a notebook in their desk.)

My Solution (1)

Bazman (4849) | about 9 months ago | (#45896291)

I keep my pa55w0rd hidden in plain sight.

Re:My Solution (1)

master5o1 (1068594) | about 9 months ago | (#45896347)

My passwords are the domain name backwards.

gro.todhsals

Vacation. (2)

leuk_he (194174) | about 9 months ago | (#45896293)

The real story:

You have a good password, that changes every 2 months. It is complex, and the previous password does not look like the current password.

Then you come back from a 2 week vacation and you have only 3 tries to remember your password.

Happens way too often.

Write it down. (0)

Anonymous Coward | about 9 months ago | (#45896295)

Really,

Write it down and keep it in your home.
Chances of someone breaking into your home and stealing your password are very, very slim...

In Real Life (0)

Anonymous Coward | about 9 months ago | (#45896307)

Create an encrypted master password file with a key that only I could possibly know and would be unlikely to forget. Something like what I remember from my first plane trip (DC6Flt405SFOtoLAX) when I was eight years old. In real life if I was so badly hurt that I couldn't remember the master password, anything protected with a password would most likely be of little use to me anyway.

don't bother (0)

Anonymous Coward | about 9 months ago | (#45896321)

I don't want me touching my stuff.

Biometrics silly (0)

Anonymous Coward | about 9 months ago | (#45896325)

Have a laptop with a fingerprint scanner, set it up with all your passwords (Lenovo ThinkPads do very well for this), no more worries.

Now if you lose both of your arms, well, we can't help you.

I am Quaid! (0)

Anonymous Coward | about 9 months ago | (#45896351)

Hauser is the guy with amnesia. I had a plan to protect my passwords, but Kuato talked me out of it.

My hands think for themselves (0)

Anonymous Coward | about 9 months ago | (#45896361)

You want to know something weird?
I have passwords that my hands can type but my brain doesn't actually know.
If you asked me to write them down I wouldn't be able, but if you asked me to type them I could do it in seconds without even thinking.

Tattoo (0)

Anonymous Coward | about 9 months ago | (#45896371)

Tattoo it on your wang.

Re:Tattoo (0)

Anonymous Coward | about 9 months ago | (#45896449)

Tattoo it on your wang.

But my password is six characters long, how can I possibly fit it on?

Formula? (0)

Anonymous Coward | about 9 months ago | (#45896375)

I'd suggest a formula comprised of website name / or URL and a number between 1 and 10 which allows for nice shifting around of letters.
Keep the formula safe somewhere on paper under your bed or in safe ;-)

It has allowed me to keep track of about 60 login sites I've been to in the past 15 years.
You don't always get the option to decide your own password; these sites annoy the hell out of me. They are, however, becoming increasingly rare, but in workplaces you sometimes get handed down an account including a password which is not changeable //. grmbl.

Cryptolocker (1)

John Burton (2974729) | about 9 months ago | (#45896381)

All my disks are encrypted by the cryptolocker virus. That way I can get them unencrypted for the low low price of 2 bitcoins without having to remember any passwords :)

eeee (0)

Anonymous Coward | about 9 months ago | (#45896395)

Life defining moments as the hints that you'll only get.

3g Yellow Car - To you that means nothing; however, to me it means "in third grade my evil bitch teacher took away my yellow crayon car which made me cry". I do that with a master file just in case because it's just one of those things you're probably never gonna forget. I have to do it like that because my mind is burnt from years of hardcore drug abuse and new memories fade fast.

Re:eeee (1)

Chrisq (894406) | about 9 months ago | (#45896435)

3g Yellow Car - To you that means nothing

I thought it was Google moving into self-driving taxis.

Don't do anything (0)

Anonymous Coward | about 9 months ago | (#45896401)

Suffering temporary amnesia is a golden opportunity to start fresh.

Ask NSA (1, Funny)

ZeRu (1486391) | about 9 months ago | (#45896411)

Just ask NSA for your passwords, since they probably know them all.
Not sure if they will want to reveal them to you, though.

KISS: just write it down. (0)

Anonymous Coward | about 9 months ago | (#45896419)

Paper, a pen, somewhere to store it, and someone to locate it.

And I figure my dementia won't hold up against my hardwired "geo-organize" tic.
Some think it's just a mess, but there IS a system, they just don't get it. ;)

Sigh (2)

ledow (319597) | about 9 months ago | (#45896423)

Write them down. In a notebook. Label what they are the password for.

Store book in safe place and update once a year.

That's how I do it for my employers (large fireproof safe, book sealed so you can't open it without me noticing, etc.) and for myself.

If you get to my safe, get into my safe, get into the book, then it's also game over for every PC in the house anyway, not to mention my Facebook password will be the least of my worries (banking token generators, etc.).

Seriously people, stop repeating the advice to "never write down passwords". Write them all down in one huge book and PUT IT SOMEWHERE VERY VERY VERY SAFE. Then if you die, if you're on holiday and someone needs to log in for whatever reason, if your other half is at home and desperately needs to do something important as you, then you can talk them through getting access or they will know.

If you don't trust them? Lock it in a cheap safe of your own. Worst that happens is that you have to get out the cutting discs to get back into the thing and get your passwords back if you have a case of total amnesia.

Timer / Countdown (1)

RivenAleem (1590553) | about 9 months ago | (#45896445)

I imagine some kind of safe with a time lock on it, set to automatically open if a button "Add One Day/Week/Month/Year" is not pressed for the time interval. Of course, it can also be opened by inputting the pass code at any time. If you forget the pass code, and need access to the contents, all you have to do is wait for it to automatically unlock when the time runs out.

If there is a chance you need the contents at short notice, you lower the time, if you can afford to wait a month, then do so.

MS Paint (0)

Anonymous Coward | about 9 months ago | (#45896459)

Print out your passwords in a basic text file. Take a screenshot (Print Screen) of the file and paste it into MS Paint. Save the file wherever you want, but just don't put password or porn keywords in the name. Delete the original text file.
Or just write out the passwords using the brush tool. Add whatever Captcha patterns you want if you're extra paranoid.

Do what I did (4, Funny)

140Mandak262Jamuna (970587) | about 9 months ago | (#45896485)

Pick some nerdy site, say slashdot, and create an account. Use your password as the username, but it won't stand out in such sites. Cackling devilishly at the foolishness of the masses who do not realize that your password is hiding in plain sight is optional.

Use a PO Box (5, Interesting)

Overzeetop (214511) | about 9 months ago | (#45896495)

Go get a small PO Box
Print a master list of passwords each week and mail it to yourself at that PO box
Every 3-6 months go clean out your box except for the most recent and shred them
Keep the key with you at all times.

Why use this over a safety deposit box?
  (1) It's a federal felony for someone else to remove or open the letters
  (2) You have a list no more than a week old (prior to your death or amnesia) available
  (3) If you should die or become incapacitated, your home/mailing address will get a reminder once a year that you HAVE a box, and where it is. By producing ID or papers certifying your death or incapacitation, your attorney or next of kin will get a notification that such a box exists, and when they (or you) check to see what mail you've gotten they'll discover your passwords.

Dumbest question ever (0)

Anonymous Coward | about 9 months ago | (#45896523)

Pen and paper. Duh.

Reverse Locker (1)

MtlDty (711230) | about 9 months ago | (#45896529)

I'd like to see Google, or Facebook or some other social media style site implement (what I'm calling) a 'Reverse Locker'

The idea is simple. It keeps stuff secret, but *only* if you log in periodically.

As well as solving the problem asked, the uses are more than you might think. For example I'd like to keep some documents safe until my death, at which point I'm happy for them to be made 'public' (such as a Last Will and Testament, or whatever)
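The release rule behind the 'Reverse Locker' above and the time-lock safe in the earlier "Timer / Countdown" comment, as an added example that is not part of either comment or of any existing service. The class and method names are hypothetical, the clock is passed in as `now` (seconds) so the behaviour can be tested, and the secret is held in memory only for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional


class ReverseLocker:
    """Keeps a secret sealed only while the owner keeps checking in."""

    def __init__(self, secret: str, passcode: str, interval: int, now: int):
        if interval <= 0:
            raise ValueError("interval must be positive")
        self._secret = secret
        self._salt = os.urandom(16)
        self._verifier = self._kdf(passcode)  # store a salted hash, never the passcode
        self.interval = interval              # seconds allowed between check-ins
        self.deadline = now + interval
        self.failed_attempts = 0              # worth alerting on in a real service

    def _kdf(self, passcode: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 100_000)

    def _authenticate(self, passcode: str) -> bool:
        ok = hmac.compare_digest(self._kdf(passcode), self._verifier)
        if not ok:
            self.failed_attempts += 1
        return ok

    def released(self, now: int) -> bool:
        return now >= self.deadline

    def check_in(self, passcode: str, now: int) -> bool:
        """Push the deadline out; needs the passcode and cannot re-seal after release."""
        if self.released(now) or not self._authenticate(passcode):
            return False
        self.deadline = now + self.interval
        return True

    def open(self, now: int, passcode: Optional[str] = None) -> Optional[str]:
        """Return the secret after the deadline, or at any time with the passcode."""
        if self.released(now):
            return self._secret
        if passcode is not None and self._authenticate(passcode):
            return self._secret
        return None
```

The design fails open on purpose: an owner who forgets the passcode only has to wait out the interval, and so does anyone else who can reach the locker, which is why the interval and who can reach it are the real security parameters.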
