As a security wonk, it's not all that uncommon to have head-desk moments with ideas about security that permeate popular culture. Take for example the most recent installment of the James Bond movies, which had a computer-hacker-ish moment in one of the chase scenes. Although I'm sort of a huge fan of James Bond, I found myself needing a distraction until the scenes were over, so that I could continue to enjoy the movie without upsetting fellow movie-goers with a lot of derisive snorting and grunting. And don't even get me started on movies like "Firewall" and "Swordfish!" I think the only movie about people using computers that didn't leave me with a headache was "Untraceable," but I digress.
The most recent pop-culture thing to give me a giant, bruising headache is "Password Books."
This can't be serious. pic.twitter.com/B83hq4JfxS
— Megan Horner (@meganHorner00) September 17, 2013
This trend even captured the attention of Ellen DeGeneres, who amusingly raised awareness of password security issues with her TV audience. Ellen humorously showcased a spoof product that claimed to solve password security problems created by unsecured password books, with what she called the "Internet Password Minder."
Check out her video below:
Ellen didn’t think the Internet Password Minder was protected enough, so she came up with the Internet Password Minder Protector, but since that needs a password she came up with the Internet Password Minder Protector Minder.
I understand, remembering dozens of passwords is hard. Really hard. People have all sorts of tactics for getting around this. For instance, using one password for everything, letting the browser remember everything, coming up with elaborate methods for making unique passwords per site, running a password manager app, or as Ellen DeGeneres comically suggests, using the Internet Password Minder Protector with the Internet Password Minder Protector Minder to secure the Internet Password Minder. All jokes aside, the one tactic that we would highly advise against to remember your passwords would be writing them down in a book clearly labeled "HEY GUYS, PLEASE STEAL MY PASSWORDS."
Writing your passwords down is a really bad idea, especially putting all of them in one location, and I strongly advise against this. But then, so is using weak or redundant passwords. And I know if you're reading this, you almost assuredly understand how and why that's bad. But if we're talking lesser evils, and you're trying to talk some aging relative or security-averse friend out of absolutely shooting themselves in the foot, here's what I would say: pick a random page in the middle of a very nondescript notebook (don't dog-ear it or bookmark it, please) and write down a password hint. Not your actual password. Just something that would remind only you what your password is.
Say your password is "Garf!3ldRulz,0d!3Dr00lz." You could write something like, "Yay lasagna, dog slobber." At worst, if the password notebook lands in the wrong hands, the person staring at the pages of password-hints could make a few guesses, which might be enough to cause them to lock the account rather than just letting them waltz right in. But if writing your passwords down in a notebook gives you the heebie jeebies, a good solution is to use a password manager to protect your passwords.