[Cryptography] Of writing down passwords

Bill Stewart billstewart at pobox.com
Wed Sep 24 14:15:51 EDT 2014


At 11:45 AM 9/23/2014, Maarten Billemont wrote:
>And yet, as you point out, there is a real risk involved with 
>writing passwords down, especially when you do so in a non-physical 
>location (eg. iCloud notes, password manager).

The security you get with writing passwords down is inherently 
because it's physically written and kept in a physical location,
not on some electronic medium that could be cracked.
iCloud notes doesn't do that, password managers don't do 
that.  (Well, maybe a password manager running on a device that's not 
used for anything else could be similar, like that old Palm Pilot 
that's really going to stay air-gapped.)

>[password manager ...]
>The downsides are obvious: don't lose your single password and 
>computers can be monitored.

Keyboards can be snooped, and you have to assume any keyboard that 
you don't carry in your pocket is part of the threat model, and any 
device that connects to the internet is part of the threat model.



More information about the cryptography mailing list