[Cryptography] Of writing down passwords

Abe Singer abe at oyvay.nu
Mon Sep 22 19:35:48 EDT 2014


On Mon, Sep 22, 2014 at 03:41:54PM +1200, Peter Gutmann wrote:
> 
> Finally a large organisation providing sensible password advice.

Just to flog the sentiment to death:

The dogma against writing down passwords is one of the worst things that
security practitioners have continued to promulgate, and by "worst" I
mean in terms of impact on effectiveness of security (second only to use
of firewalls, but that's not a crypto discussion).  To tell users that
they have to have a password that by definition is hard to remember, but
they're not allowed to write it down, goes against all usability notions,
and invites the crappy password choices that really do cause problems.

The threat model regarding writing down passwords is non-existent or
at least grossly overblown in most contexts; it *was* a big deal in the
military (from whence the recommendation came), where internal espionage
was obviously a big deal.  I think in general if you have to worry about
the guy in the next cubicle stealing your wallet to get your passwords,
you've got much bigger problems.

My goal is to have a policy that has my users getting one really strong
password that they never have to change, and they're allowed to write it
down and keep it in a reasonably safe place.
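As an added illustration of what "one really strong password" buys in the policy described above (this is example code written for this page, not something from the original post or from the mailing list), the script below generates a random passphrase from a wordlist with the `secrets` module and compares its entropy with that of a short complexity-rule password. The wordlist here is a constructed placeholder; a real deployment would use a full list of a few thousand words, which is what the entropy figures for `WORDLIST_SIZE_REAL` assume.

```python
import math
import secrets

# Constructed placeholder wordlist; a real list (e.g. a diceware-style list)
# has thousands of entries. Entropy scales with log2(list size), so the
# strength numbers below are computed for an assumed real list size.
WORDLIST_SAMPLE = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden",
    "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nectar",
]
WORDLIST_SIZE_REAL = 7776   # assumed size of a full list (6^5 entries)
PRINTABLE_ASCII = 95        # characters available to a "complex" password

SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random secret of `length` symbols drawn from
    `alphabet_size` choices: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at the given offline guessing rate."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(n_words: int, wordlist=WORDLIST_SAMPLE) -> str:
    """Pick `n_words` uniformly at random (CSPRNG) from `wordlist`.

    secrets.choice is used rather than random.choice because the latter is
    not suitable for security-sensitive selection."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def compare(rate: float = 1e10) -> dict:
    """Compare a 6-word passphrase (from a full-size list) against an
    8-character password that satisfies a typical complexity rule.
    `rate` is an assumed offline guess rate (guesses/second) for the
    attacker model; adjust it to the hash in use."""
    passphrase_bits = entropy_bits(WORDLIST_SIZE_REAL, 6)
    password_bits = entropy_bits(PRINTABLE_ASCII, 8)
    return {
        "passphrase_bits": passphrase_bits,
        "password_bits": password_bits,
        "passphrase_years": years_to_exhaust(passphrase_bits, rate),
        "password_years": years_to_exhaust(password_bits, rate),
    }


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(6))
    for k, v in compare().items():
        print(f"{k:>17}: {v:,.2f}")
```

The point of the comparison is the one the message makes: a long, written-down passphrase that is never rotated gives far more margin against offline guessing than a short "complex" password that users can neither remember nor are allowed to record. The assumed guess rate is a parameter, since it depends entirely on how the verifier stores the password.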
