On Tue, 10 Dec 2019 06:56:15 -0600 John Hasler <jhas...@newsguy.com> wrote:
> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
>
> Andrei writes:
> > Not everybody has the luxury of typing a password without danger of
> > someone taking a peek over the shoulder.
>
> True but the admonition isn't "Don't write down passwords if you cannot
> read them back securely". It's "Never, ever, ever write down a password
> no matter what!" In the current environment bad passwords are a far
> greater threat than that of friends or co-workers sneakily reading them.
> Common sense applies. Writing down passwords doesn't mean you have to
> read them aloud while sitting at a hotel bar.

Arnold Reinhold (the Diceware creator) agrees with Schneier:

Should I write down my passphrase?

This is a very important question. Much advice says never write down your passphrase under any circumstances. I strongly disagree, as do many other security experts. Most people are more afraid of forgetting their own passphrase than they are of having it stolen. As a result they tend to pick passphrases that are far too weak. I actually did a small survey on this question and the results support my view. See http://world.std.com/~reinhold/passphrase.survey.asc

Also many people need dozens of passwords or passphrases for different programs and web sites. Remembering them all can be difficult, particularly those that are used infrequently.

For most people it is better to pick strong passphrases, write them down and keep them in a very safe place. There may be legal advantages to memorizing your key, however.

http://world.std.com/%7Ereinhold/dicewarefaq.html

Celejar