You must log in or # to comment.
Self hosted and air gapped.
Quantum proof
Honestly, a physical password book isn’t a bad idea.
Not accessible via the internet, and in most cases if someone has physical access to your system you’re done for anyway.
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
Yeah, my in-laws have such a book and it honestly is great. They live in their own flat where nobody can access the book without breaking in. They do not save their passwords in their browser, so anyone hacking into their PC can’t grab them. If they want to login into an account, they take out their book, put in the user name and unique password and that’s it. Quite the good method and I really do not see many problems there.
“People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down.
We’re all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
Obscure it somehow if you want added security: write “bank” instead of the URL of your bank, transpose some of the characters, leave off your userid. This will give you a little bit of time if you lose your wallet and have to change your passwords. But even if you don’t do any of this, writing down your impossible-to-memorize password is more secure than making your password easy to memorize.”
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
I disagree. Using this book will always lead to shorter passwords that are easier to type. That’s the main weakness imo.
Or in other words: it really depends what the user fills it with. It should be accompanied by a little machine that spits out random passwords, I’m thinking a rubics-cube-shaped bling pendant at the end of the bookmark band.
Not at all. It will lead to easier to type passwords, likely. But that doesn’t mean shorter. This could easily be filled with passwords that are four words long with special characters interspersed.
Which you then have to type out every time. Laziness wins: they will be shorter.
The assumption is that the product is for non-savvy users. They might not even understand what you wrote up there.
Autocorrect can help here, but dictionary words are easily
brute-forcedguessed. And - more importantly - that hypothetical user would have to come up with that idea in the first place. But people who come up with such ideas usually already use password managers anyhow.Several dictionary words in series cannot be “easily brute forced.”
You’re out of you’re depth and saying stupid things.
Using special terms wrongly doesn’t mean I’m clueless, cryptobro.
So far the combined might of the Russian, Chinese, American and North Korean hacking teams have been unable to crack the post-it note on my desk.
now they know where to look.
If they’re in my apartment I’ve already got bigger problems.
PSA: Home use? That’s probably okay. Work use? If you’re in-office, this is a ticking time-bomb that can get you fired, one way or another. Use the company 1password or whatever you have access to, please. Thank you.
In my office I have a list that says passwords all nonsens and just as a decoy. I have a system that I use for rotation woth a visual reminder (by association, not directly) somwhere in my office
we might laugh at this but I think this is useful. Even though I wouldn’t use something like this and I’d just use a regular dedicated blank notebook and my password manager, it can be useful to people who have problems with computers and can’t handle a password manager, yet may give pages with good templates to show how to record sensitive information.
Best option for non techies at home.
I’ve not found anything better. Storing on my computer, or worse someone else’s computer, doesn’t seem safe.
The trick is to use code language, and don’t forget the code. Then you can use digital sources more freely, I feel.
It really depends what the user fills it with. “Clever” solutions like using your daughter’s birthday, or other hard-to-remember-but-easy-to-deduce strings.
It should be accompanied by a little machine that spits out random passwords, I’m thinking a rubics-cube-shaped bling pendant at the end of the bookmark band.
Oh yeah, this is for my in-laws. This is peak boomer tech right here.
Of the 200 elderly I see maybe 75% still use the book or a variation of it.
The best is when they use iPad notes or even their fucking contacts to save info lol
Keeepass, simple and easy to use! https://keepassxc.org/
For a lot of people at 60+, writing things down is easier and safer. It will also help anyone that would need to troubleshoot or in the event of death in a very simple way.
i got bitwarden
Sure, it’s a horrible idea in an open office environment but if someone wants to use this at home for all their passwords it really won’t hurt anything.
This isn’t the flex you think it is, OP. 99% of cybercriminals are also cowards. Physical security of ANY kind beats even the best password managers.
If you don’t know what lattice-based encryption is and how to purchase it through NordVPN, start reading up because encryption as we know it isn’t long for this world. Pretty sure they already dragged their feet too long on Bitcoin’s algorithm but the day cracking common ciphers is within the grasp of quantum clusters is the day we all become Amish. Plan accordingly!
My understanding is that quantum computing has been taken into account for some modern cryptography. And that memory-hard cryptography basically defeats quantum computing solutions. There are a few methods, but one of them is just very long keys, it’s trivial to make a cryptographic key longer.
So sure, you could defeat some of that with a machine operating with 1024 entangled qbits, (which is… oh man… not an easy task), in which case, wow, congratulations. But what if I increase my key length to 100k? It might take an extra 3 seconds to check the key and log in, but it’ll take an extra 25 years for quantum computing to catch up.
Can’t wait to hand write my 32-bit passwords.
You haven’t changed your password for 30 days. Reset it now.
It’s actually super useful for old people, who sometimes like to “accidentally log off” and stuff.
That Web Addresses placement is killing me.
It’s infuriating! 😬
My mother uses something similar to keep track of her passwords for everything. While I prefer a password manager like Bitwarden or Keepass. I would rather her use a note book like this over something like Google or Apples password managers.
Or even worse, the same password for everything.
Honestly, for at home personal use, it’s better than any on device password manager. It’s not hackable. Someone has to break into your home and steal it. For an office environment though…worst way to handle it after sticky notes.
This isn’t even weird.
I think most security experts would recommend that you have your most important passwords written down somewhere, and then hopefully locked up in some safe or deposit box somewhere. You don’t need to buy an entire book for it, but some people like to spend money.
If this is for your less important passwords, then for the most part, writing them down is actually better. You won’t be as tempted to reuse your banking password for your social media. And some people like writing things down. A password manager is a better solution, but lots of people aren’t as good with technology and if they even let the browser remember it, they won’t know how to retrieve it later if they want to use a different computer, for example.
I have a letter in my safe in the event of my death that contains all my passwords and accounts. I have also slipped in a dead man switch that she’s unaware of that will wipe out my “collection of science”.
Does anyone else know how to get into the safe?
it’s a key entry, and yes.
