Educause Security Discussion mailing list archives

Re: Please do not change your password


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Thu, 15 Apr 2010 11:08:52 -0500

There's only a few passwords I actually remember.  Everything else is in one or another wallet of some form or other.

Some security professionals have been on record for some time *advocating* writing down passwords:

  http://www.schneier.com/blog/archives/2005/06/write_down_your.html

Yes, 2k5.

   -jml

Allison Dolan <adolan () MIT EDU> 2010-04-15 11:04 >>>
good point!    given the number of security professionals who write down passwords, this is a case of 'do as I say, not as I do'...

......Allison  Dolan (617-252-1461)



On Apr 15, 2010, at 11:24 AM, Steve Werby wrote:

I consider the biggest password related failure of the information security community to be that we demand that users memorize their passwords (or alternately "don't write them down").  Sure, we don't want them to attach them to their monitor or hide them under their keyboard, but do we really believe there's a significant risk if they're kept in their wallet inside their pocket and written down in a way that doesn't clearly reveal them?  Or storing them in an encrypted password vault?  We're causing them to re-use passwords (http://www.sophos.com/blogs/gc/g/2009/03/10/password-website/) or create passwords that follow a similar format, which puts the systems we're trying to protect at significant risk.

Long + unique + write them down securely
