
Re: Root password strength



John Hasler <john@sugarbit.com> wrote on 20/03/2024 at 19:35:42+0100:

> Pierre-Elliott Bécue writes:
>> My home sees plenty of different people coming in. Some I trust, some I
>> trust less. Also video calls are a nice way to get a paper password
>> recorded (and yes it happens).
>
> I keep my passwords in a small book the size of a passport and I
> secure it the same way I secure my wallet.

And yet your digital persona is less secure than if you didn't do it.

> No visitor is going to get access to it

If you indeed put your wallet in a safe, then I can understand this
statement, otherwise it's just overly optimistic.

> and no video call would get a look at it (if I did those). Bruce
> Schneier recommends this approach.  Most people are going to use
> crackable passwords if you insist that they memorize them.  You can't
> stop that by yelling at them.

Bruce is excellent, I don't know whether he actually stated what you
said, but even if he did, being excellent doesn't mean that whatever he
says is golden.

And remembering a passphrase is easy, not easily crackable if well
chosen, and you don't actually need to remember more than two of them
(let's go with three if you have a PGP key).

> I use a password manager for non-critical passwords, but I also write
> them down in my password book.  I don't want to lose them in a disk crash
> and I won't store anything important in the "cloud".

And then, backups were invented.

> The never write down a password rule originated back when you only had
> one 6 or 8 character password which you used to log on to the VAX via
> the VT100 in your cubicle.  People would stick a slip of paper with
> their password on it under the keyboard where the janitor could get at

I don't know whether this is true or false, and it doesn't really change
a thing.

As with the other subthreads, I'll leave things there; feel free to defend one
more time a bad practice regarding password management if you feel like
it.
-- 
PEB
