Just Say ‘No’ to Password Books

Posted on November 20th, 2013 by

As a security wonk, it's not all that uncommon to have head-desk moments with ideas about security that permeate popular culture. Take for example the most recent installment of the James Bond movies, which had a computer-hacker-ish moment in one of the chase scenes. Although I'm sort of a huge fan of James Bond, I found myself needing a distraction until the scenes were over, so that I could continue to enjoy the movie without upsetting fellow movie-goers with a lot of derisive snorting and grunting. And don't even get me started on movies like "Firewall" and "Swordfish!" I think the only movie about people using computers that didn't leave me with a headache was "Untraceable," but I digress.

The most recent pop-culture thing to give me a giant, bruising headache is "Password Books."

This trend even captured the attention of Ellen DeGeneres, who amusingly raised awareness of password security issues with her TV audience. Ellen humorously showcased a spoof product that claimed to solve password security problems created by unsecured password books, with what she called the "Internet Password Minder."

Check out her video below:

To make a point about just how silly password books are, Ellen DeGeneres took things even further down a comical path as she discovered that the Internet Password Minder also requires additional security:

Ellen didn’t think the Internet Password Minder was protected enough, so she came up with the Internet Password Minder Protector, but since that needs a password she came up with the Internet Password Minder Protector Minder.

I understand, remembering dozens of passwords is hard. Really hard. People have all sorts of tactics for getting around this: using one password for everything, letting the browser remember everything, coming up with elaborate methods for making unique passwords per site, running a password manager app, or, as Ellen DeGeneres comically suggests, using the Internet Password Minder Protector with the Internet Password Minder Protector Minder to secure the Internet Password Minder. All jokes aside, the one tactic for remembering your passwords that we would highly advise against is writing them down in a book clearly labeled "HEY GUYS, PLEASE STEAL MY PASSWORDS."

Writing your passwords down is a really bad idea, especially putting all of them in one location, and I strongly advise against this. But then, so is using weak or redundant passwords. And I know if you're reading this, you almost assuredly understand how and why that's bad. But if we're talking lesser evils, and you're trying to talk some aging relative or security-averse friend out of absolutely shooting themselves in the foot, here's what I would say: pick a random page in the middle of a very nondescript notebook (don't dog-ear it or bookmark it, please) and write down a password hint. Not your actual password. Just something that would remind only you what your password is.

Say your password is "Garf!3ldRulz,0d!3Dr00lz." You could write something like, "Yay lasagna, dog slobber." At worst, if the password notebook lands in the wrong hands, the person staring at the pages of password-hints could make a few guesses, which might be enough to cause them to lock the account rather than just letting them waltz right in. But if writing your passwords down in a notebook gives you the heebie jeebies, a good solution is to use a password manager to protect your passwords.

  • Dagny Taggart

    Yesss! A password manager which you store on the cloud. That reduces the number of passwords you must remember, or at least be able to figure out, to TWO. Not bad.

  • Usergnome

    Yes – store them in the cloud – what could go wrong with that?

  • Burl Clayton

    I use an encrypted file to store my passwords… so the only password I have to remember is the encrypted one.

  • Lourdes Welhaven

    Here’s a password book that doesn’t look like a password book. It’s “hidden in plain view.” Brilliant! http://www.amazon.com/The-Vault-Password-Organizer-Regular/dp/1500204390/ref=sr_1_1?ie=UTF8&qid=1409411803&sr=8-1&keywords=the+vault+logbook

  • Clinton Stacy

    One solution is to develop a simple cipher / formula that YOU remember (such as removing the first three characters off a written password, i.e. seaworld-8192 really just means world-8192) and THEN you can put that in a notebook. Maybe someone can hack you if they physically TAKE your notebook and then you fail to change any passwords, but for most of us who have no corporate or government security concerns, it works just fine.