Technology, Top News

Why notebooks for your passwords are not a great present idea

Passwords on Post It Notes near the computer? No. Bad move.

AS WE’RE consistently told, you shouldn’t use the same password for everything. The problem with that is we’re not all computers ourselves, and so we have to find a way of storing all the info.

Some people would argue the solution is a notebook. Take a look at Amazon this year and you’ll see there’s a market for whole notebooks to keep your passwords in analogue.

Good idea? Bad idea? I’ve always argued “yes”. Storing them offline is a much safer bet that storing them in the cloud. But a book with “Big Book of Passwords” on it, is a disaster area too.

Here’s one as an example.

Mark James, Security Specialist at ESET is very clear on the matter: “No, no and no! Everything about a physical notebook labelled “Logins and Passwords” should ring as many alarms as possible. With so many passwords for so many things, these days our digital life must be organised to keep it secure. The root of this idea is fantastic- the delivery, however, is the problem. We need an automated password manager, not a manual one.

“Of course we need to ensure only the right people get access to those usernames and passwords. If it were to be lost, then anyone finding the item would not be able to use the data to compromise your accounts. A notebook listed in alphabetical order loudly shouting “Logins and Passwords” is waiting to be lost or stolen, and with the plethora of password managers available, both free and paid for, they are the only real way of protecting your logins- all in place, searchable and in some cases able to check and warn you if you are re-using the same password which is an absolute no-no.

“We do need all the help we can get, but we also need to consider the dangers of stockpiling information that others could gain access to.”

Disguising something as something else is nothing new. Remember those books that were really safes? I think I had one that was supposed to be by “William Wordsmith”.

Fake tins of beans? It is possible to keep valuables safeish, but the point is to disguise them. Not put “THESE ARE ALL MY PASSWORDS AND PINS AND BANKING DETAILS” on them.

Bill Evans, Senior Director at One Identity tells a story of someone with just such a book:

“While shopping online for a relative of mine, I recently came across an item that BLEW MY MIND.  It’s, are you ready for this, a “personal internet address and password logbook.”  I kid you not.  An actual book with the words “password logbook” on the cover.  It might as well be called, “STEAL MY IDENTITY HERE” or “TAKE MY MONEY PLEASE.”

“As a security professional, I urge everyone to memorize your passwords.  It’s the best defence against stolen credentials.  But if you have to write them down, DON’T advertise their location by using a book that screams, “PASSWORDS HERE.”  And by all means, utilize multi-factor authentication everywhere you possibly can.  Don’t let the Grinch steal both Christmas and your identity during the same holiday season.”

Now, don’t take this to the bank (as it were), but we’d argue the answer lies somewhere in between. You can’t memorise 200 passwords. So here’s a halfway.

Use a blank notebook. Don’t label it with “my passwords”. Keep it on the shelf with the other books – no burglar is interested in your books, they’ll be after your TV and the stuff in your locked desk drawer.

Then, don’t explicitly write the name of the site, just an aide memoir, and rather than the password itself, write down a hint to it, that only you’ll understand.

Remember – Elliot Ness could only decypher Al Capone’s accounts with help from the bookkeeper. 

Do use 2 Factor Authentication. If you can use a mobile device to do it, or a FIDO key like the ones from Yubico – they even do a USB C one for your phone now.

There’s a lot of potential for melodrama here. But there’s also common sense. We’d agree – you need to change your password for each site, but don’t let it turn into a massive meltdown of numbers in your head.

Oh one more thing 1F Y0U C4N UND3R5T4ND TH!$ – 1T CL34RLY I5NT 53CUR3. µ

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.