Reviews. Security and technology experts comment on the preferred use of “offline” solutions such as password organizers or writing passwords down in a book.
In his “Crypto-Gram” newsletter, Mr. Schneier proclaims:
“Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We’re all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.” (Source)
Speaking at a conference hosted by Australia’s National Computer Emergency Response Team, Johansson stated that the security industry has been giving people the wrong advice by telling them not to write down their passwords.
“I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them.”
He went on to say,
“Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it. If I write them down and then protect the piece of paper–or whatever it is I wrote them down on–there is nothing wrong with that. That allows us to remember more passwords and better passwords.” (Source)
Dr. Whitfield Diffie – Chief Security Officer, Sun Microsystems
During the annual RSA Conference, Dr. Diffie delivered a one-line statement from the Cryptographers Panel.
“Write down your passwords; your wallet is a lot more secure than your computer.” (Source)
Microsoft Safety & Security Centre – Recommendations for Strong Passwords.
“Whenever possible, use eight characters or more. Don’t use the same password for everything. The greater the variety of characters in your password, the better. The easiest way to ‘remember’ passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place.” (Source)