<to...@tuxteam.de> writes:

> On Mon, Dec 16, 2024 at 10:22:43PM -0600, John Hasler wrote:
>> songbird writes:
>> > perhaps because the accounts are jointly owned and it is much easier
>> > to just continue using the credentials as they exist instead of having
>> > to set everything up all over again for no real gain.
>>
>> Then follow Bruce Schneier's advice and *write them down*.
>
> Do you have a reference?
>
> I ask because I'm in the middle of a discussion (and that was my advice,
> too). Seeing what Schneier has to say on that would be very interesting.

I have a German copy of "Secrets & Lies" from 2001 in which Schneier
discusses writing passwords down on p. 138 (Chapter 9 "Identification
and Authentication", Section "Access Tokens").

He says that passwords are no worse than other "simple tokens" (anything
which can be stolen or copied) but if you write them down, keeping them
in your wallet can be safer than sticking them with a post-it to your
monitor. His actual advice is that you should only write half your
password down and commit the other half to memory.

Cheers,

Loris

-- 
This signature is currently under constuction.