Write Your Passwords Down Here...

When I first spotted it, I didn’t believe it, so I kept on walking. My coffee cup was empty, I’d long since lost track of my wife, and my eyes were starting to glaze over after looking at a few too many self-help books. 

I stumbled into the fancy notebook section of the giant Barnes and Noble that I found myself searching for my bride in, when something in my head made me turn back towards the table of books on clearance. There was a sign that proclaimed “Exceptional Values”. And there, in the middle of a mass of unsold coffee table books and brew your own beer guides, was a little black “Internet Password Logbook”. A sticker on the cover claimed that this book, like the others, was an “Exceptional Value” and only $6.98!

I’ve been around the block a few times, and I’ve seen (and done) my share of dumb stuff, but this? This was special. For less than seven bucks, I can write down everything anyone would need to basically ruin my life all in one place. Not wanting to be judgemental or overly negative, I told myself, Josh - this might be a good thing. I mean it does say Exceptional Value on the cover. Maybe my instincts are all wrong.  

With a handy book, one could write down all their passwords. I wouldn’t have to keep using the same one over and over again! P@ssword1 could be a thing of the past. That would be good. Right?

I don’t want to discourage anyone from purchasing their own Internet Password Logbook. Go ahead, buy three. Just don’t write your passwords down in them. Use them for writing poetry. Or solving complex algebraic equations. Invent your own sudoku puzzles, or copy down grandma’s recipes from those tattered old index cards. But please, passwords aren’t for paper. Any fool that stumbles by your desk can walk away with your everything and you’ll never know it. A quick photo of a few pages is all it takes. It’s like putting the family jewels out on the table and leaving the house (or office - or hotel room - or wherever else you use your passwords). Just plain crazy!

When I got home, I was stuck thinking about the book. I wondered if it was one of a kind, or just something I haven’t run into yet. So I went to Amazon. And lo and behold, there are many, many options. My favorite is called WTF Is My Password….

If you ask me, passwords are for your head - yes, remembering your passwords is back in fashion - just pick very long passwords (think passphrase). Stuff like “This is my very strong password for linkedin.com!” makes for a really secure password. It’s simple to remember, doesn’t take too long to type, and very hard for an attacker to ever guess.

Another option is to use a password manager. The folks at LastPass, Dashlane, and 1Password all make fine products. Pick one and use it. Let it choose and remember all your passwords. Just don’t go using your password manager on public computers where you can forget to log out, or worse, be victimized by a keylogger lying in wait on the machine.

In the future, hopefully we can all give up on passwords entirely. They are an archaic security control. They are a total pain for users. And they are a lifeblood of the cyber crime economy. And the tech is out there to do this. We just need the world to embrace it. In the meantime, if you see an Internet Password Logbook in the wild, please photograph it and share. We could all use a little laugh now and again.

Louis Steinberg

Managing Partner at CTM Insights

5 years ago

If you put all of your passwords in one place, that place has to be protected. One good thing about a book is that it requires physical access for an attacker to exploit. Password managers that store all of your secrets in the cloud (on a computer you don't own), even encrypted, present their own risks. At least there are still a few programs that provide the option to NOT sync with cloud storage. Hadn't thought of it, but a book qualifies as well. A book would be more secure if it had unbreakable access control. Maybe a rubber band holding it closed? :-)

Chris W.

Product Marketing | Sales Enablement | Operational Excellence

5 years ago

An old Ellen episode, with v1 ;-) https://youtu.be/Srh_TV_J144

Michael Smith, CISSP-ISSEP, CISM

VP | CTO | CISO | Cybersecurity | Web | Engineering | IoT | DFIR

5 years ago

Makes sense for older folks. You get dementia or die, and now your family has no access to anything. $Deity forbid you have a cold wallet full of cryptocurrency. I have instructions hidden away so my wife doesn't end up living on the streets if I get hit by a bus. Also might make sense to have a buddy come over and clear out your browser history. A true friend would do this for you. =)

Hans Cathcart

Sr. Product Manager

5 years ago

You have to write the companion book: Private Keys Logbook. ;-)

Adrian R.

Sr Information Security Analyst at InterContinental Hotels Group (IHG®)

5 years ago

I recently changed passwords in all my +80 personal accounts (banking, utilities, emails, social media, etc). I tried but I can't remember all of them, even if I use a Password Manager then that password needs to be super safe (most likely difficult to remember) leading back to the need of writing it down. Even the EFF acknowledges that sometimes you just have to write it down (just not in an Internet Password Log, I give you that) https://ssd.eff.org/en/module-categories/basics
