Friday, November 22, 2013

Keeping a slip of paper in a secure place is inconceivable!

Pardon the iconoclasm, but there's nothing inherently wrong with writing down your password. The trouble arises when you do so and then take no steps to keep the paper you wrote it on secure. What most people envision when they think of written-down passwords is Post-It notes stuck to a computer monitor, where anyone who gets access to your computer can find and read them. That is certainly the most popular scenario, but it doesn't have to be the only one. Years ago Bruce Schneier suggested writing down your password on a slip of paper you keep in your wallet (and I created something specifically for this task). That way the password would be as secure as your credit card.

Writing passwords down basically changes an information security problem into a physical security problem. The written-down password essentially becomes a token, like a key for a lock. So long as people are aware of that, they should be able to deal with the problem effectively. People tend to have a better intuitive grasp of physical security than they do of information security, anyway.