funsec mailing list archives

Re: 1 in 3 workers write down passwords


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 18 Oct 2006 14:39:03 -0400

On 10/18/06, coderman <coderman () gmail com> wrote:
On 10/17/06, Ron <iago () valhallalegends com> wrote:
> ...
> Hmm, I generally tout myself as a security guy, but I have to admit,
> even I do that sometimes.

agreed; once your password list gets long enough you need to do it.
(i'm counting 27 high entropy passwords in my file, like a9@7.8X7&17Rd5#Dw)


> Generally, when I'm given a password for a remote system that is
> something like "7QbbBr2CqqS", I'll write the password, all by itself, on
> a yellow sticky note and stick it to my monitor for a week or two, until
> I feel like I've memorized it well enough to toss (fine, eat) the note.

i don't even bother trying to memorize.  instead i boot into a system
with full disk encryption using a single good password/passphrase that
i _can_ remember.  that is where the text file with all the other
passwords lives.  (this system also contains all my authorized private
ssh keys, which i prefer to passwords when possible)

I would at least use a keyring on top of having a txt file on an encrypted disk.
Whole disk encryption is great and all, but it's not a security buffer
once you boot up. If someone can compromise the userland part of your
workstation through the NIC (via HTML, Java, JavaScript, random
OS/application flaw) the file is not encrypted to them.

-JP
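An added illustration of the keyring point above (example code, not from the thread or any project it mentions): a minimal keyring layer with constructed entries that keeps passwords encrypted under a separate master passphrase, so a userland process that can read the file after the FDE volume is unlocked still sees only ciphertext. It uses only the Python standard library (scrypt for key derivation, HMAC-SHA256 in counter mode with encrypt-then-MAC) where a real keyring would use an AEAD such as AES-GCM; the passphrase and entries are made-up sample values.

```python
import hashlib
import hmac
import json
import os

# Constructed example of a "keyring on top of FDE": entries live on disk only
# as ciphertext under a key derived from a master passphrase; plaintext exists
# in memory only while the keyring is unlocked.
# Cipher here is HMAC-SHA256 keystream + encrypt-then-MAC, chosen only because
# the stdlib has no AEAD; a real keyring should use AES-GCM or libsodium.

def derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    km = hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]  # encryption key, MAC key (separate keys)

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC used as a PRF in counter mode; nonce is fresh per seal() call
    out = b"".join(hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
                   for ctr in range((length + 31) // 32))
    return out[:length]

def seal(passphrase: str, entries: dict[str, str]) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    pt = json.dumps(entries).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def open_keyring(passphrase: str, blob: dict) -> dict[str, str]:
    salt, nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # verify before decrypting
        raise ValueError("wrong passphrase or tampered keyring")
    pt = bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)

def unlock_fails(passphrase: str, blob: dict) -> bool:
    try:
        open_keyring(passphrase, blob)
        return False
    except ValueError:
        return True

def file_reveals(blob: dict, secret: str) -> bool:
    # What a userland reader of the on-disk file sees: is the secret in the clear?
    return secret.encode() in bytes.fromhex(blob["ct"])
```

Compare this with a plain text file on the same encrypted disk, where file_reveals would be true for every entry once the system is booted.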
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.