Write Down Your Passwords 633
joeykiller writes "Microsoft's senior program manager for security policy, Jesper Johansson, presents a provocative but interesting view on password policy: He claims that prohibiting users from writing down their passwords is bad for security. His main point is that if users are prohibited from writing down their passwords, they will use the same easy-to-guess password everywhere." From the article: "Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it... If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords."
Bruce Schneier agrees (Score:5, Interesting)
You can't memorize good enough passwords any more, so don't bother. For high-security Web sites such as banks, create long random passwords and write them down. Guard them as you would your cash: i.e., store them in your wallet, etc. Never reuse a password for something you care about. (It's fine to have a single password for low-security sites, such as for newspaper archive access.) Assume that all PINs can be easily broken and plan accordingly. Never type a password you care about, such as for a bank account, into a non-SSL encrypted page. If your bank makes it possible to do that, complain to them. When they tell you that it is OK, don't believe them; they're wrong.
Re:Pseudo-Written Password (Score:1, Interesting)
Really? (Score:3, Interesting)
Maybe it's because people really just don't think they're that important. It'll probably take serious problems to change people's minds (like a theft of identity, or fraudulent charges, etc...)
And while we're on the subject of passwords, can we please get rid of those "change your passwords EVERY THIRTY DAYS!" systems? God... those have probably done more to propagate the phenomenon of writing passwords down than anything else.
Makes perfect sense (Score:3, Interesting)
Peter Gutmann said the same thing: you fear the hacker, not the guy stealing your PC.
http://computerworld.co.nz/news.nsf/nl/3F25D67E47
So, I'm probably not typical, but... (Score:4, Interesting)
Re:Passwords suck: simple solution: (Score:5, Interesting)
With a password, at least you can change it if it is compromised.
Authentication methods can all be broken down into the following categories:
1) Something you know (such as a password).
2) Something you have (such as a keycard).
3) Something you are (such as a fingerprint).
High security requires 2 or 3 of these things. However, most things are good enough with only 1 of the three.
Re:Really? (Score:4, Interesting)
Login credentials are often stored unencrypted on the server side, leaving your password open for compromise by any legitimate admin of that site or anyone who manages to hack into it.
Do you want to trust the single password that you use on all sites to the least secure of all the crappy web boards you've got an account on?
Re:I'll buy that piece of paper with some chocolat (Score:5, Interesting)
Re:Pseudo-Written Password (Score:5, Interesting)
Re:So, I'm probably not typical, but... (Score:3, Interesting)
Re:Really? (Score:3, Interesting)
And while we're on the subject of passwords, can we please get rid of those "change your passwords EVERY THIRTY DAYS!" systems?
Amen!
I have to try to remember a *lot* of different passwords for work. If they unified the logins on these tools, it would help tremendously. You can try to have the passwords sync up, but the reset time frames on them are all offset. I had to change my Corporate password 2 weeks ago, my windows password one week ago, and my network password on Friday. As a result, I've typed in the wrong network password first try almost every time today.
Another frustration is the 100% numeric password for voicemail. It used to change every month. I--and many others--communicate primarily with email. This translated into having to change the password every time we got a voicemail before we could listen to it. It appears that they have changed the reset time length to several months now, probably because they were tired of resetting passwords for everyone all the time.
Re:Bruce Schneier agrees (Score:2, Interesting)
main login: ML7
mainframe access: I12
To me, these would tell me _exactly_ what the passwords were, but to a passer-by, they are meaningless.
Re:Pseudo-Written Password (Score:2, Interesting)
Actually it's not too bad because it requires physical access. At my famous Educational Establishment, there's been a recent spate of hackers using weak passwords to gain access - all from off campus. Make it strong and keep it written down somewhere secure, and you're pretty much safe from the majority of abuses. Keep it hidden innocuously in a book or a file of boring documents, rather like a file in a cake.
Re:Passwords suck: simple solution: (Score:2, Interesting)
Which is quite easy [cryptome.org].
But you don't even need to do that - some scanners can be fooled into accepting the latent print you leave on it [bromba.com]. D'oh!
An authentication token that, when used, leaves behind all the information you need to construct a counterfeit - this is not something I want to rely on.
Biometrics is a fundamentally flawed scheme. A biometric is just a token that you can't replace (a scar on your finger? too bad), repudiate if stolen (I can lift your prints but you can't change them without pain), or use to separate privileges (difficult to use a different thumbprint at the bank, at the library, and to open your car, unless you have interesting anatomy).
As for passwords, yeah, I've gotten to the point of having to write them down. I used to use only a few passwords - my login and root password, one common for low security sites, one shared one for a few sites I cared more about, and my on-line banking. But as sites put various nonsensical restrictions on password selection ("your password must contain two digits", "your password must not use any non-alphanumeric characters", etcetera), I've had to start writing them down.
"Something you are" reduces to "something you have". "Something you know", as you have to remember more and more things to deal with dozens of systems, reduces to "something you have" (that piece of paper with all the passwords written on it). It's all about the authentication tokens.
Re:Microsoft hard at work for security (Score:2, Interesting)
For example, the company I work for has strict policies for protecting passwords. We must keep our computer passwords in locked cabinets or we will face minor to moderate penalties.
Don't treat it like cash (Score:2, Interesting)
Just pick up any dollar bill. There's already a convenient unique password made up of alphabetic and numeric characters printed in the corner. For more important passwords use $5, $20, or even the good old Madison.
So if Jackson is on the $20 bill, what do 5 Jacksons make?
Almost, but not quite--here's what I do. (Score:5, Interesting)
I stego my passwords on a small card that I keep with me. Someone can get the card and they don't know what the password is for, and even if they did, they don't know what's the password and what's just a "junk character".
Nonsense (Score:3, Interesting)
For instance:
mama: no dates
The actual password, not written down, is "n0datez!" The machine this is for is the largest system you work on (big mama).
If using random strings, try to make it look like serial numbers; again the place or account to use this for should be hinted at (to you), not stated.
There are many, many ways to do this and be very secure. I once left a set of passwords and hints out in plain sight on purpose, just to see if anyone would recognize and try to crack them. They were never cracked, and I'm reasonably certain nobody even tried. They had no idea what they were seeing.
Re:So, I'm probably not typical, but... (Score:4, Interesting)
The only down-side is that I can't sync it with anything at home, but I generally don't have to update it very often, so when I do, I also write down the passwords in an encrypted text file on my home machine.
Re:Really? (Score:3, Interesting)
Think about it.
Re:Pseudo-Written Password (Score:5, Interesting)
So to resolve this issue I wrote the information using a simple rot-n algorithm with random keys. I wrote down all numbers (including rot-n keys, which looked just like the rest of the data) in my notebook and knew that if I had to use them, it would take me a little time but I could work it out, and if I were to lose the notebook, I could be pretty sure that no one would bother trying to make sense of a bunch of numbers written on the back cover - most likely it would just be tossed.
Obscurity combined with physical security makes things severely more difficult for a casual snooper. In the end it is a game of making the cost of figuring it out more than the desire to do so. Writing down key data, such as passwords, with a little obfuscation goes a long way.
-Em
Re:Microsoft hard at work for security (Score:3, Interesting)
I chose the quote from the summary because it worked best for what I wanted to point out. I did read the article (I always do, or I won't post against it)...
No biggie. I agree with your point that we haven't found any scientific solution for morons yet, but that's sort of my point. If we let (as a policy) people just write passwords down, that little slice of moron-dom is the part that always bites us in the rear.
I know the article talked about keeping the scrap of paper on which the password is written stowed and secure, but my experience has been that doesn't happen. And, when combined with the policy that passwords be written down (he almost states they must be written down), the exposure is greatly increased.
I'm not proposing any rebuttal or solution; I've always found the more oppressive a regime, the more determined hackers are to find a way in. I've been approached many times by the security organizations where I've worked to help them with their policies (I'm pretty good at hacking) and I've always declined -- I find it a difficult universe to exist in where no matter how hard you try, there are always people out there who break what you make.
Security in computers is a losing battle. It's an extension of our social makeup and there'll always be good guys and bad guys and there'll always be breaches. I just think what the article proposes is yet another proposal, and it adds little to overall real security.
By the way, I don't think this is at all a first, seeing a post modded +5 from a poster who hasn't read the article... I've seen a number of what are fairly obvious examples of that. Used to get my dander up, too, but I've come to accept that sometimes the poster may have enough that is credible and useful to add to the discussion without having to read the article (though, not always :-)). And, again, for the record -- I did read the article.
Good feedback.
Re:Passwords are useless. (Score:1, Interesting)
Your 20-character password just means that they need a couple more 500 GB HDs, that's all.
It wouldn't take all those years, now would it??
Re:STEGANOGRAPHY is the answer (Score:3, Interesting)
Re:Secure your passwords (Score:3, Interesting)
Agreed. Sure, some crypto whiz will cut through that clutter in a day or two, but that's probably not the guy who'll lift your wallet at a ball game.
One thing I wish security systems had was some kind of "tripwire" password, i.e. the account is locked if anyone ever tries it. That way you could put the tripwire at the top of the list so if it ever did get stolen the thief would lock himself out permanently before you ever knew your wallet was gone.
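The "tripwire" password described in this post, as an added example that is not the poster's code: a login routine that stores a salted PBKDF2 hash of a decoy password beside the real one, locks the account the moment the decoy is ever tried, and records an alert for the defender. The Account fields, the alert list, and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Account:
    """Per-user record: one salt, a real-password hash, a decoy hash, lock state."""
    salt: bytes
    real_hash: bytes
    canary_hash: bytes          # hash of the tripwire password written at the top of the list
    locked: bool = False
    alerts: list = field(default_factory=list)


def _kdf(password: str, salt: bytes) -> bytes:
    # Assumed parameters: PBKDF2-HMAC-SHA256 with 100k iterations.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def create_account(real_password: str, canary_password: str) -> Account:
    # Real and decoy passwords are hashed the same way, so a stolen
    # database does not reveal which of the two is the tripwire.
    salt = os.urandom(16)
    return Account(salt, _kdf(real_password, salt), _kdf(canary_password, salt))


def login(acct: Account, attempt: str, source: str) -> str:
    """Return 'ok', 'denied' or 'locked'; the canary check runs before the real one."""
    if acct.locked:
        return "locked"
    h = _kdf(attempt, acct.salt)
    if hmac.compare_digest(h, acct.canary_hash):
        # Somebody is working down the written list: freeze the account and
        # leave an alert so the owner learns the paper was stolen.
        acct.locked = True
        acct.alerts.append(f"tripwire password used from {source}; account locked")
        return "locked"
    if hmac.compare_digest(h, acct.real_hash):
        return "ok"
    return "denied"


if __name__ == "__main__":
    acct = create_account("correct horse battery", "decoy-first-line")   # constructed sample
    print(login(acct, "correct horse battery", "home-pc"))   # ok
    print(login(acct, "decoy-first-line", "unknown-ip"))     # locked
    print(login(acct, "correct horse battery", "home-pc"))   # locked (stays locked)
    print(acct.alerts)
```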
Re:Pseudo-Written Password (Score:3, Interesting)
Re:Bruce Schneier agrees (Score:1, Interesting)
My Windows logon password was generated randomly, and written down on a small piece of paper I carried on my person 24/7 until I had it memorized, after which the paper was destroyed. I repeat this process once every six months or so.
Password Safe is probably more secure though, as EFS relies on X.509 certificates that use only 1024-bit RSA (the files themselves are encrypted using AES-256). What I want is a way to create a new certificate for EFS of at least 1536 bits, or better yet, 2048 bits. My past attempts have failed. Apparently the certificate needs to be flagged for use with EFS, which I have not yet figured out how to do.
Re:Pseudo-Written Password (Score:3, Interesting)
14ckwbwtdbwb = Fourteen cannibal kings / wondering blindly what the dinner bell will bring
For a root system password, you may want an even longer password, both for cryptographic security where cryptographic systems support > 8 characters, and more importantly to discourage the use of the root system account by administrators when tools like sudo make its use unnecessary.
ItastD,DIgtiop,lttuatt,wyesok? = I turned and said to Dan, "Dan I guess this is our prime / like they tell us all the time / were you expecting some other kind?"
It's difficult to forget that password, but even in the event you do forget it, there's a strong possibility you'll remember enough to Google-up the answer. And I guarantee administrators will more frequently use (rules-driven, command-logged) sudo when the alternative is a 35-character root password.