
Writing Down Passwords?

Cliff posted more than 9 years ago | from the would-you-write-down-your-safe's-combination dept.

Security 428

Atryn wonders: "I was recently checking for the latest firmware for a Netgear router when I decided to click on their Guide to Internet Security where it states: 'Contrary to much 'expert' advice, there is very little risk writing down passwords. In fact, years from now you may discover you need them to access old files.' I'm wondering what Slashdot thinks of Netgear's recommendation." Update: 06/08 21:19 GMT by T : Reader 654043 reminds us of the Microsoft recommendation to write down passwords which ran a few weeks back, and which has some pretty sound reasoning behind it.

428 comments

recommendations? (1, Funny)

professorhojo (686761) | more than 9 years ago | (#12762220)

can anyone recommend a centralized password storage software solution that works well for them?

Re:recommendations? (5, Insightful)

cursion (257184) | more than 9 years ago | (#12762245)

I've got this thing called a spiral bound notebook...

Re:recommendations? (2, Funny)

Professor_UNIX (867045) | more than 9 years ago | (#12762290)

I've got this thing called a spiral bound notebook...

Then just lock it in a safe. The problem with that is I wrote the combination on a sticky note somewhere and I can't find it. As a backup I copied it into a text file and uploaded it to a remote server with a non-obvious name but unfortunately I forgot what I called it. :-( Next time I'm just going to keep the combination taped to the front of the safe.

Re:recommendations? (1)

cursion (257184) | more than 9 years ago | (#12762311)

at least your wife doesn't forget where she put the safe when she has to update her websites...

Re:recommendations? (2, Interesting)

rd4tech (711615) | more than 9 years ago | (#12762259)

PGP disk.
You can then store your passwords in any format you like, xls, txt..etc

Re:recommendations? (1)

bLanark (123342) | more than 9 years ago | (#12762266)

can anyone recommend a centralized password storage software solution that works well for them?

Bruce Schneier's Password Safe [schneier.com] .

Re:recommendations? (2, Informative)

m85476585 (884822) | more than 9 years ago | (#12762285)

Password Safe [sourceforge.net]

Re:recommendations? (0)

Anonymous Coward | more than 9 years ago | (#12762303)

I just put my passwords on a paper that I have in my back pocket. I don't include which password is for which system/site/login though.

For added security i use linux. Not anything special about linux, just that it isn't windows. So the people that I know that could pick my pocket, wouldn't really be able to do much with them. Besides, i'm cheap. I like chocolate. Yet no one has offered to buy a password from me.

Re:recommendations? (1)

muszek (882567) | more than 9 years ago | (#12762308)

I used to use Password Safe [slashdot.org] for a couple of years under Windows. I haven't looked for anything similar for Linux (I converted 3 months ago), but they mention some related linux projects on the website. Anyways, Password Safe is free (OS) and worked very well for me. One master password is needed to unlock the database.

Re:recommendations? (1)

muszek (882567) | more than 9 years ago | (#12762339)

sorry, I messed up the link, here's a correct one:

Password Safe [sourceforge.net]

Re:recommendations? (1)

peragrin (659227) | more than 9 years ago | (#12762313)

A straight ascii text file, that you manually encrypt and decrypt. create encryption programs or use standard ones so that your data is accessible no matter what computer/os you are using.

Re:recommendations? (2, Funny)

bano (410) | more than 9 years ago | (#12762317)

Yes email them to me, along with your credit card numbers.

One word (1)

missing000 (602285) | more than 9 years ago | (#12762363)

Radius [gnu.org]

Re:recommendations? (1)

dnoyeb (547705) | more than 9 years ago | (#12762404)

I like to use a comma separated file on my linux box. No point in encrypting because if you break in you got the key anyway...

vim has integrated encryption (3, Informative)

ikewillis (586793) | more than 9 years ago | (#12762418)

vim has integrated cryptographic functionality through VimCrypt. :help :X for more information.

I have a rather large master password list for every server at work which I store this way. It's quite handy.

Password Safe (1)

complexmath (449417) | more than 9 years ago | (#12762427)

http://passwordsafe.sourceforge.net/ [sourceforge.net]

Originally developed by Bruce Schneier so you know the crypto doesn't suck, this software is both free and very easy to use. I don't know what I'd do without it.

KeePass (1)

skroz (7870) | more than 9 years ago | (#12762442)

I like KeePass [sourceforge.net] for password storage. It's secure, well organized, AND I get to say "Keep Ass" a lot. I don't know why that's funny, it just is.

Re:recommendations? (1)

crandall (472654) | more than 9 years ago | (#12762447)

I have a Sandisk Cruzer Titanium, and I use TrueCrypt in order to keep an encrypted archive. Inside that, I have a spreadsheet that contains all my passwords.

The USB drive is always in my pocket, but in the strange instance I forget it, I have a readme file on the drive that tells anyone who finds it that they can keep it, as long as they send me (or arrange transfer for) the contents.

I also keep regular backups of the archive on my home computer.

Re:recommendations? (1)

sTalking_Goat (670565) | more than 9 years ago | (#12762464)

I don't bother. I've got 3 levels of password security.

Low level has 3 different passwords I use.

Intermediate level has 3.

High has a unique for each account but I only have about 4 accounts that qualify as high

so at any given time I need to remember about 10 different passwords, which ain't that hard. High level passwords get changed every few months. Intermediate about once a year. Low I couldn't give a shit.

It's worked for me so far.

Google groups (2, Funny)

jusdisgi (617863) | more than 9 years ago | (#12762221)

No, no, just post them to Google Groups! That way you can always get back to them no matter where you are!

Re:Google groups (1)

zerbot (882848) | more than 9 years ago | (#12762280)

Heh, I do store low value passwords in gmail.

Re:Google groups (4, Interesting)

Janitha (817744) | more than 9 years ago | (#12762298)

I've actually done that... should I be shot? Not plain text of course, simply use a word shift encryption which can be easily deciphered by hand. I posted all my current passwords like that and it has come in handy quite a bit. (I also have posted same list on slashdot comments)

Re:Google groups (0)

Anonymous Coward | more than 9 years ago | (#12762347)

Wow you are smart! Man if only every one had brains like yours!

Re:Google groups (2, Funny)

tourvil (103765) | more than 9 years ago | (#12762406)

No, no, just post them to Google Groups! That way you can always get back to them no matter where you are!

Nah, just give your passwords to me. I'll email them back to you if you forget.

Has something changed in the past 2 weeks? (3, Insightful)

winkydink (650484) | more than 9 years ago | (#12762222)

Aren't all the reasons that this is a good/bad idea the same as they were then?

keepass.sourceforge.net (1)

greenskyx (609089) | more than 9 years ago | (#12762223)

Has anyone used this product at all? http://keepass.sourceforge.net/ [sourceforge.net] If so would you care to comment on using it?

Re:keepass.sourceforge.net (2, Informative)

winkydink (650484) | more than 9 years ago | (#12762278)

My experience with it is that it is ok. I'm not a raving proponent, but it works as advertised.

Re:keepass.sourceforge.net (2, Informative)

goofy183 (451746) | more than 9 years ago | (#12762283)

I use it and it works well. I started when I got an online banking account that wouldn't let me use my standard username. I had to have mixed case and numbers in both my username and password. I got KeePass and now store everything in there.

It runs in my system tray and I can click, enter my master password and have access to all my passwords. It has also let me use long random passwords for my very important sites since I don't need to remember them any more.

Also you can use a USB key as part of the key to unlock the database so you have the something you know + something you have security.

Re:keepass.sourceforge.net (1)

suitepotato (863945) | more than 9 years ago | (#12762284)

So SourceForge now hosts a project to help me keep my ass? Cool. I was soooo afraid I'd lost it during the next project.

Keep ass? (2, Insightful)

Intron (870560) | more than 9 years ago | (#12762305)

Kiss your ass goodbye if you lose that password!

Router Passwords (1)

Carrion Creeper (673888) | more than 9 years ago | (#12762228)

For routers themselves, I write the password on the surface of the router itself with my handy alcohol pen. That pretty much solves that problem.

Can I take a walk through your wire room? (1)

davidwr (791652) | more than 9 years ago | (#12762390)

If I can and I am *evil* then "All your routers are belong to us."

If your routers are behind lock and key, then this is a good solution.

Re:Can I take a walk through your wire room? (1)

MrLint (519792) | more than 9 years ago | (#12762462)

well this goes back to physical access is full access. If you are going to write down some passwords and someone physically comes in, most ppl would be more worried about the physical theft than the paper with the passwords on it.

If someone is rummaging around looking for your password list, you have bigger problems to come than just a stolen computer. Like corporate spying.

sound reasoning? (2, Insightful)

rd4tech (711615) | more than 9 years ago | (#12762229)

which ran a few weeks back, and which has some pretty sound reasoning behind it.

I do believe that there is also "some pretty sound reasoning" when the users decide to share their whole drive together with the passwords on P2P. I mean, by doing that, one can sleep peacefully knowing that his password is redundantly stored, for the next n years.

Give me a break. Security is designed by the need for it. There is a need to protect your email password because even email has a legal standing as a form of communication. Same goes for your personal and work files.

Re:sound reasoning? (1)

kokoloko (836827) | more than 9 years ago | (#12762405)

Security is designed by the need for it.

Can someone please explain this? I've heard that necessity is the mother of invention, but this sounds like parthenogenesis.
The need to remember your password is no less vital than your need to remember them. How come this problem hasn't designed its solution yet?

write them down without detail.... (1)

super_ogg (620337) | more than 9 years ago | (#12762230)

When you write them down, don't put any login association with the word. Worst case, you have to enter a bunch of passwords in to check which one is right.

One piece of paper with several words on it won't mean anything to someone who gets a hold of it.
ogg

Re:write them down without detail.... (2, Insightful)

Daniel Baumgarten (645894) | more than 9 years ago | (#12762415)

If you're a pocket-picking cracker with common sense, you'll probably realize that "Hey, this business card with nonsensical combinations of letters and numbers scribbled on it might actually have some sort of significance." Or maybe the owner just has an ASCII fetish.

Disassociating the passwords is of course a good idea *if* you must write down your passwords because this way if you just lose it, no one will know how to use the information. It doesn't protect you from a thief, however.

It Depends... (1)

Deinhard (644412) | more than 9 years ago | (#12762234)

Honestly, it really depends on where you write them. If you keep them secure, then you're okay. Personally, I keep all of my passwords in a protected file on my Tungsten.

However, if you're prone to writing them on PostIts and sticking them to your monitor...

Re:It Depends... (1)

Darkman, Walkin Dude (707389) | more than 9 years ago | (#12762429)

I found this lovely old notebook from the 1920's, tall, wide and deep, with yellowed pages, embossed wood-backed smoky leather finish, and ruled. I was looking for something great to do with it, something really special, and then it hit me: use it as a hardcopy for all of my usernames and passwords. Losing this would be sacrilege, and that's even without the content. So wherever you store your passwords, make it somewhere that you would hate to lose even if you didn't store valuable information in it.

I don't usually (1)

m85476585 (884822) | more than 9 years ago | (#12762240)

I use Password Safe [sourceforge.net] , but I write down things I need to access from multiple computers (like my router's password). I also try to keep a written copy of everything somewhere safe.

Re:I don't usually (1)

kat11v (848737) | more than 9 years ago | (#12762369)

There are some passwords that I think *must* be committed to memory - those being your ATM card pins and a couple others of that sort. Basically the ones that are really really important.
The rest (work account passwords of which I have about 10, which tend to follow different rules and are reset every month with no chance of reuse until the 10th iteration) I write down and put in my wallet. Usually that will be the most secure and guarded possession you will have on you. So why not. It's better than picking obvious easily guessed passwords. And you're less likely to have someone at work going through your wallet than just glancing around at the post-it notes on your monitor.

All of my passwords... (1)

Ralphus Maximus (594419) | more than 9 years ago | (#12762241)

Are written down. I just can't remember where.

Cheers,
RM

Common sense! (2, Insightful)

timthorn (690924) | more than 9 years ago | (#12762242)

In your own home, who else is going to find a piece of paper with your password on? For a router that you configure and forget, writing down the password sounds reasonably sensible to me.

Re:Common sense! (1)

bwcbwc (601780) | more than 9 years ago | (#12762314)

And if someone breaks into your house, they'll just steal everything and hit the magic reset button on the router anyway. So unless you have a teenager who likes to hack your network for purposes you disapprove of, there's minimal risk. It's probably safer to keep the password in a file cabinet than it is to keep it in a password-minder on the computer.

In a corporate setting, though...completely different story.

NEVER!!! (0)

Anonymous Coward | more than 9 years ago | (#12762246)

If I can't remember four simple letters, then I don't deserve to watch my pr0n.

Re:NEVER!!! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12762316)

i just hacked your pr0n. hey everybody, his pass word is DICK!

looks like he's got quite a collection of mom-and-son pr0n!

Re:NEVER!!! (0)

Anonymous Coward | more than 9 years ago | (#12762434)

I don't password-protect my pr0n. usually my hands are too er.. uh.. busy to bother with a keyboard.

Personally... (2, Interesting)

technomancer68 (865695) | more than 9 years ago | (#12762255)

I don't write them down because I generate passwords with a little app that I wrote that scrambles together 2 or 3 passwords I can remember and generates an upper/lower/number/letter/symbol password for my usage... but I don't see a problem with writing down a password. I would probably keep it in my wallet or whatever and not just have it laying around. Maybe even do something clever like make all the consonants upper case and the vowels lower case but write it down in reverse, or add two to the numbers and keep all numbers 0-7 .. you could get clever with it and still keep it simple to decode.

it's in my wallet (2, Interesting)

udderly (890305) | more than 9 years ago | (#12762260)

I figure that it would be a lot safer to have a secure password in my wallet than an insecure one committed to memory.

However, I imagine that there's merits to both sides of the argument.

Re:it's in my wallet (3, Funny)

Antonymous Flower (848759) | more than 9 years ago | (#12762373)

would your password be 'trojanman' or 'lifestyles', by chance?

Yep (1, Insightful)

spydir31 (312329) | more than 9 years ago | (#12762263)

I write my passwords down, most of them anyway, on my Palm, using Keyring [sourceforge.net] .
Everything's protected by a master password and triple DES, so it's fairly secure.

Even better - KeePass (2, Insightful)

Draknor (745036) | more than 9 years ago | (#12762264)

I found out about KeePass (http://keepass.sourceforge.net/ [sourceforge.net] ) on that previous story, so I've started using it. It's a very handy utility to have! It can keep track of all my passwords for various email accounts, websites, etc. It's a simple program that (based on my experience so far), just works!

If you wanted portability, you could keep your password database on a USB memory drive and carry that around with you.

I see that they just released 1.0 on June 4th - congrats!! I highly recommend people check it out!

discourse on the method for proper pass storage (1)

Antonymous Flower (848759) | more than 9 years ago | (#12762268)

write down my password? ha! I have mine tattoo'd. In fact, all I need is a speculum and a magnifying mirror to retrieve it. it was the best i could come up with, other than Zaphod Beeblebrox brain-brand style. but that is just BIZARRE, you know?

Write them online (1)

dotslashdot (694478) | more than 9 years ago | (#12762271)

I like to write them down in my Slashdot journal so I can access them from anywhere.

Re:Write them online (1)

JFitzsimmons (764599) | more than 9 years ago | (#12762334)

Liar.

Re:Write them online (1)

Radres (776901) | more than 9 years ago | (#12762348)

Sorry, the requested journal entries were not found.

Forgotten Safer than Lost (0)

Anonymous Coward | more than 9 years ago | (#12762275)

My mom likes to be "organized" so she would write her online financial passwords (controlling access to most of her retirement savings) on post-it notes stuck on the wall next to her computer. After one of her friends came for a visit and used my mom's computer to check email, my mom decided it would be safer to keep her passwords in little black book. That worked pretty well until she took the book with her on a plane trip and stuck it in the seat pocket in front of her and forgot to take it with her when she left the plane. Later, when she told me the story I was like, "You know, it might not be a bad idea to change your passwords." and she was like "Oh, now that you mention it, maybe I should."

I suggest writing them down then... (1)

demonic-halo (652519) | more than 9 years ago | (#12762281)

I suggest writing them down, then locking them in the safe, then locking the key in a safety deposit box.

It's not that writing them down is insecure by itself. It's just that your office isn't secure.

this seems like it MIGHT not be a bad idea.... (2, Funny)

shoblime (890339) | more than 9 years ago | (#12762282)

....because to get all your passwords, the l33t after-school hackers would have to *gasp* leave the basement, and presumably do some breaking and entering to get your list...

Archival passwords (1)

jd (1658) | more than 9 years ago | (#12762288)

For archival use, it is OK to use the same password on a consistent basis, as the files are likely not to be as vulnerable to direct physical access. However, any thief who broke in and stole archive tapes would almost certainly steal the notebook beside it marked "archive passwords".


There are those who do leave their front door key under the mat, but even they don't hang a bloody great sign on the door to remind them where it is.

Different user base = different rules (1)

dragon_imp (685750) | more than 9 years ago | (#12762300)

Corporate rules to not write down passwords aren't pertinent to home users. Sure, you don't want your kids to know the password for the childproofing software, nor do you want them to know your bank password.

You will forget it one day. (1)

Tribbin (565963) | more than 9 years ago | (#12762307)

This week I wanted to log in to an old ICQ account to retrieve some old friend's information. I forgot the password for ICQ I thought I would never forget. The hotmail account's password for password retrieval for the ICQ number I also forgot because I used to use it for subscriptions only.

Over time your brain dumps the information it does not use. Write the passwords down and secure them physically.

Passwords? Blog 'em! (3, Funny)

otisg (92803) | more than 9 years ago | (#12762310)

Hide them where cr@ck3rz will least expect them - your blog!

Dumbness (2, Insightful)

shipwreckedkenny (863099) | more than 9 years ago | (#12762312)

Writing the passwords down is good for remembering, and that itself is not what makes it a security issue. It is writing it down and leaving it for someone else to find that is bad.

A year back at my old school, a teacher left her password for school network access taped to her monitor. A student found it and used it to take down the entire network. Took down everything from the entire school's grades, email, library system and of course internet access.

I write mine down. (1)

zymano (581466) | more than 9 years ago | (#12762319)

I also have some written in files on Yahoo and google's email files. Nothing important though.

If it's important then I will keep it separated in paperwork.

Either that, (3, Funny)

Scud (1607) | more than 9 years ago | (#12762321)

Either that, or call the help desk like I do.

They always seem to know what it is.

We're on a first name basis.

My ISP gave me my password (1)

davidwr (791652) | more than 9 years ago | (#12762439)

I was royally ticked. They should've known better.

Granted, I was calling from my phone-of-record but caller-ID can be faked.

Most help-desk people will reset your password and find some way to get it to you.

As with everything, it depends.. (1)

deacon (40533) | more than 9 years ago | (#12762322)

Where are you writing it? On a whiteboard in your cube, or on a card in your wallet?

Is the username with the password?

Did you munge the password you wrote down by some scheme known only to you? (example: first character of password is off by one position [ a becomes b], last character is off by the number of characters in the pw)

Is your choice between a simple pw like "kitten" which you remember, or "z0rtvoid-numrut" which you write down..

I do write down pw's, after having forgotten a root pw twice and having to edit a shadow pw file.

Good luck to anyone finding my written pws to find out how to use them, though.
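
The munging scheme described in the comment above (first character off by one position, last character off by the number of characters in the password), as an added Python example that is not part of the original post. Wrapping inside the lowercase, uppercase and digit classes and leaving punctuation unchanged are assumptions, since the comment does not say what happens past "z" or "9"; all function names are hypothetical.

```python
import string

# Character classes a shifted character stays inside. Assumption: the comment
# only gives "a becomes b" and does not define behaviour past 'z', 'Z' or '9',
# so this example wraps around within each class.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def shift_char(ch: str, offset: int) -> str:
    """Shift one character by `offset` positions within its own class."""
    for alphabet in CLASSES:
        pos = alphabet.find(ch)
        if pos != -1:
            return alphabet[(pos + offset) % len(alphabet)]
    # Punctuation and anything else is left as-is (assumption).
    return ch


def _apply(text: str, direction: int) -> str:
    """Shift the first character by 1 and the last by len(text)."""
    if len(text) < 2:
        # With one character, "first" and "last" are the same position and
        # the two shifts would stack; the scheme is not defined there.
        raise ValueError("scheme needs at least two characters")
    n = len(text)
    first = shift_char(text[0], direction * 1)
    last = shift_char(text[-1], direction * n)
    return first + text[1:-1] + last


def munge(password: str) -> str:
    """Real password -> the form that gets written down."""
    return _apply(password, +1)


def unmunge(written: str) -> str:
    """Written-down form -> real password (length is unchanged, so the
    same count is available when reading the note back)."""
    return _apply(written, -1)


def changed_positions(password: str) -> list[int]:
    """Indexes at which the written form differs from the real password."""
    written = munge(password)
    return [i for i, (a, b) in enumerate(zip(password, written)) if a != b]


if __name__ == "__main__":
    # Sample passwords are the two the comment itself mentions.
    for pw in ("kitten", "z0rtvoid-numrut"):
        note = munge(pw)
        print(f"{pw!r} is written down as {note!r}; "
              f"positions changed: {changed_positions(pw)}")
        assert unmunge(note) == pw
```
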

Context! (3, Insightful)

coyote-san (38515) | more than 9 years ago | (#12762336)

Should you drive on the left hand side of the road, or the right hand side?

Despite what some people seem to think, there's no "right" answer other than following the context. I live in the US and routinely drive on the left hand side of the road... on one way streets where I'll be turning left soon. I've done it on interstates... where the right hand lanes were closed due to construction and the oncoming traffic was moved onto the access road.

Writing down passwords is the same deal. It's a Bad Idea in your cubicle. It's a Cause For Termination Idea if you're a sysadmin.

But on a router at home, or in a locked wiring cabinet? It's a damn good idea. On a card in your wallet, especially in that zippered compartment so it can't accidentally slip out? Good idea, unless you routinely leave your wallet unsecured. In which case you're an idiot with bigger problems than just writing down your passwords.

What a crap article (0)

Anonymous Coward | more than 9 years ago | (#12762340)

# Avoid sending personal information over the Internet. Credit cards are a particular risk: Use a well-known payment system such as PayPal, or send credit card numbers and the expiration date in separate email messages, etc.

Paypal is better than a credit card for security?!

WTF? (1)

christoofar (451967) | more than 9 years ago | (#12762343)

Sounds like something I would see on www.thedailtywtf.com .... not on Slashdot.

Keep them secure (1)

m85476585 (884822) | more than 9 years ago | (#12762344)

Be sure to use very strong encryption, like ROT-13.

Writing them down depends on the environment (1)

suitepotato (863945) | more than 9 years ago | (#12762345)

And by environment I mean the work being done using those passes as well as where the machines are versus the passwords written down.

For instance, I never write down my PGP passwords and take advantage of the long passphrase feature to use long but easily remembered phrases memorable only to me personally. Why would I leave a PGP password where anyone could get sensitive financial files decrypted?

For IM and such, I often do write them down, but keep them altogether in a place so safe, even I can rarely find it. : )

Okay, that was partly a joke. I have a secured storage place where I keep those passwords that are to things that aren't extremely important, but a pain in the backside to do the forgotten e-mail password routine when I restore a box.

I'd love OS-independent USB keys with password challenge ability to replace much of the passwords I have to remember.

Could be (4, Insightful)

Have Blue (616) | more than 9 years ago | (#12762346)

Well, how good is your physical security? If the system will be accessed from an environment where there are likely to be unauthorized people wandering around all the time (large office, public area, etc), then don't write it down. If the system will be accessed from a place that only people you trust have access to (home), then it's not a danger- and if your home is ever compromised, having your router password in plain sight is the least of your worries.

Also in Crypto-Gram (2001) (2, Informative)

Bruce Stephens (6634) | more than 9 years ago | (#12762349)

May 2001 Crypto-gram [schneier.com]

What I do.... (1, Interesting)

Anonymous Coward | more than 9 years ago | (#12762350)

I use the "key+computer" convention.

Every so often, I make up a new "key." This may be the name of a friend, my favorite TV show, or whatever.

For each new or changed password, the password is key+nameofcomputer or key+nameofservice.

I also change o's to 0's and i's to 1's.

For example, next year my /. password may be
StarTr3kSlashd0t
and the year after that
Battl3starGalact1caSlashd0t.

This way, I only have to remember the current and previous "master passwords."

For really important passwords, like those an employer or spouse may need, I write them down and put them behind lock and key, and make sure the people who will need access will have access when they need it.

Yeah I'm an anonymous coward for this, for obvious reasons.

of course! (1)

brickballs (839527) | more than 9 years ago | (#12762356)


I thought everybody knew that post-it notes on the bottom of your keyboard are the only safe place store passwords!

Re:of course! (1)

m85476585 (884822) | more than 9 years ago | (#12762461)

I prefer post-its on the back of a CRT.

I write down all my passwords... (1)

xiando (770382) | more than 9 years ago | (#12762357)

.. in one now very huge text-file. The text-file is encrypted with a long master password which I hope I will never forget, because if I do, I am screwed. I use Another Password Generator http://www.adel.nursat.kz/apg/ [nursat.kz] to make random passwords for every new service I encounter, so no two services have the same password.. and they all look like tajEbAmAb or something. The way I do it limits me to using a lot of services from home, but it does give me good security and allows me to only remember that one password for the text-file.

writing down passwords.. (1)

Vellmont (569020) | more than 9 years ago | (#12762365)

I think it depends on the environment. Is your router in a secure enough location that writing down the password and taping it to the bottom is going to make it secure? If so, then by all means do it. This also allows you to select better passwords that you don't have to remember. Personally I think selecting a good password and taping it to the bottom of the router is far more secure than selecting your house number, or dog's name and not writing it down.

Netgear routers are inexpensive, and low on features and are generally bought by individuals, and small businesses. They don't have super-high security needs, so the physical security of the router itself is usually enough. If you have physical access to the router itself, you could just as easily push the configuration reset button on it, or steal the router and replace it with a duplicate.

Writing them down (1)

CardiganKiller (854899) | more than 9 years ago | (#12762367)

I generally tend to write down the more obscure ones in my desk where I work (which is at 552 W. Cou... oops).

But I write them out of context, meaning I don't write down the username or system they're for (unless they're associated with my standard login name, and I have those memorized). If I'm especially paranoid about certain ones, I just hide them or obscure them in an easy to remember way.

Get Oubliette (0)

Anonymous Coward | more than 9 years ago | (#12762370)

If you are at all concerned about security and want to follow best practices and only have to remember one password...

http://www.tranglos.com/free/oubliette.html [tranglos.com]

I once had a customer... (1)

Tribbin (565963) | more than 9 years ago | (#12762374)

I once had a customer at the gas station where I worked who had many plastic passes with all different passcodes.

On the passes he had post-its.

I asked what they were for.

He showed them to me. They were tables with mostly arbitrary numbers in the cells. He only had to remember the combination of cells to recover the code from the pass with the post-it on it.

being inventive is sine qua non (1)

adbudha kusu (658867) | more than 9 years ago | (#12762382)

I've represented the password to my Wells Fargo bank account in numerous places...even on my monitor. All I did was sketch a kitten on fire. Another upside is that the drawing is sexy.

I just.. (0)

Anonymous Coward | more than 9 years ago | (#12762385)

For random passwords I pick something within sight of my desk. That way one quick glance can 'reveal' my password to me and no one else. (I'm not talking passwords like 'mouse' or anything but I've used the manufacturer name of my mouse before)..

Jon Udell: Simple single sign-on (4, Interesting)

otisg (92803) | more than 9 years ago | (#12762386)

See Jon Udell's Simple single sign-on [infoworld.com] article from May 2005:

It points out a few simple solutions that will solve many people's problems.

Tabular sheet record. (1)

rice_burners_suck (243660) | more than 9 years ago | (#12762393)

I have them on a tabular sheet, slightly encoded in a unique method that I invented for myself. I store this sheet in the safe deposit box at the bank. I am very careful when transporting this information around, but other than that, if the crooks manage to get into the safe deposit box, I've got much bigger problems than some passwords to pr0n sites and such.

It entirely depends (1)

FinchWorld (845331) | more than 9 years ago | (#12762394)

If it's for your router, why not, what are they going to do? Block port 80? Just use the reset button on the back and spend a while resetting it.

If it's for a big company server you're going to want to keep it in a vault or something if you *must* write it down. But then again, you could keep an old laptop full of passwords in a vault.

Low Risk (1)

BigZaphod (12942) | more than 9 years ago | (#12762399)

Writing them down is low risk assuming you're not using the password to keep someone on-site from accessing your data. In general, for something like a wireless access point, who cares if it is written down on a scrap of paper someplace? Most of those passwords are there to prevent external people from getting on your network or changing the config. Generally those people are trying to get in remotely. They'd have to break into your house to read that scrap of paper just so they can log into your AP. That's a lot farther than your average script kiddie is going to go. If you have real honest reason to fear that someone could break in just to find your online stock password written on a Post-It note, then I'd suggest you're probably in a financial position where installing an actual building security system would be well within your means--in which case once again, writing your passwords down wouldn't really be much of a risk unless you happened to leave the note sit out so that the cleaning lady could snatch it up or something...

Yes, it makes sense (1)

Eminence (225397) | more than 9 years ago | (#12762414)

We are so much into the digital age by now that writing something on paper with a pencil makes it much more secure than any computer files, because to read it you have to get physical access to it. And for preventing this or detecting that it took place there are a number of excellent methods evolved over centuries.

If you write your passwords skillfully (for example, coded in even a simple way, scribbled amongst some other notes in your telephone directory or small paper notebook) the chances anyone would get to them without you knowing about it are close to none. Especially so if you are a normal citizen and have no reason to expect any government intelligence agency has developed a specific interest in you.

All those Big-Brotherish surveillance techniques work miracles, but only against electronic media. They are totally useless against a note scribbled on a piece of old fashioned paper.

Write them down (1)

t_allardyce (48447) | more than 9 years ago | (#12762420)

Just don't post-it them on your desk or computer and don't write "Password for xyz.com"

Webmail + symmetric crypto (1, Insightful)

Deagol (323173) | more than 9 years ago | (#12762425)

I have, burned into my brain, a handful of passwords. A few are low-security passwords I use for throw-away or low-security internet services (one-time gmail accounts, Netflix, Slashdot, K5, etc.), while the others are used for sites needing moderate security (my 2 online bank accounts, etc.).

Then I have a few *really* strong passwords that I use to encrypt text files holding passwords that either belong to myself or other entities (customers, etc.) using GPG's symmetric method. I retain copies of these files locally, but I also store them for safe keeping on my primary gmail account.

Trust me -- nobody's guessing the hard password, nor is it brute-force-dictionary crackable. Unless there's a major breakthrough in cryptanalysis or quantum computing, my files are safe for a good while.

No, I'm not arrogant. But I think I go through the hoops that a "normal" person need go through for securing this kind of stuff. My adversaries don't include the US Gub'ment, multinationals, or other countries.

Like anything else (5, Insightful)

wowbagger (69688) | more than 9 years ago | (#12762432)

The security of writing down passwords depends upon the security of the paper they are written upon.

If you have a router/firewall on your Internet connection, and you write the password(s) to the router on a piece of paper taped to the router, then you are not really reducing your security - if the bad guys are in the room reading the password you are already in trouble.

However, if you write your workstation password down on a piece of paper under your keyboard, and other people can reasonably be expected to have access to your office, then you are greatly reducing your security. If, on the other hand, you have your password written down on a piece of paper you keep in your wallet, then the reduction in security is fairly minimal - especially if there is nothing in your wallet that would lead the bad guys to your workstation.

see also Bruce Schneier (1)

tonythepony (716819) | more than 9 years ago | (#12762443)

Bruce Schneier also recommends this - see this [schneier.com] and scroll down to the paragraph on passwords. I actually use GPass [sourceforge.net], which I like a lot. I remember one long random password and make sure to back up my data file to a second hard drive. The ability to copy usernames and passwords to the system clipboard is nifty.

Get a keyring (4, Informative)

26199 (577806) | more than 9 years ago | (#12762444)

A real, physical, password keyring. ThinkGeek has some rather expensive ones, but they'll definitely do the job. I have one of the earlier (cheaper) keyrings from the same company, and it's wonderful. I have strong passwords, I don't have to worry about forgetting them, and they're secure.

Good passwords.. (1)

IdleTime (561841) | more than 9 years ago | (#12762453)

Can someone recommend a good new root password for my box? LOL