begin quoting Tracy R Reed as of Tue, Sep 19, 2006 at 01:24:29PM -0700: > Ralph Shumaker wrote: > >Just out of curiosity, do you "*advocate* writing down passwords" for > >bank accounts? I realize it's not exactly the same thing, but I am > >curious. > > Yes, I do. Just keep it in a safe place. I consider a home file cabinet > or even a dresser drawer to be a safe place.
...on a post-it stuck underneath the keyboard, or on the slide-out writing surface next to the desk. Putting valuables in your sock drawer gives a warm feeling of security, but hardly slows down an intruder. > Just don't write down the > bank url and account number and everything else with it. A list of 47 passwords with no context is almost as bad as not writing down the password at all, in some situations (e.g., three failed logins -> lockout). A sealed envelope in a locked container (firesafe, safe-deposit box, etc.) or an encrypted list (remember just /one/ password) is more advisable. This is probably one of those situations where you want the REALLY IMPORTANT passwords in a safe-deposit box. Unless you're worried about the feds... > >I'm starting to get frustrated with the exponentially increasing number > >of passwords I'm having to remember. I just had to think up another one > >to create an account with bugzilla. That may not be a crucial password, > >so I used one that may not be too awfully hard to crack. But its > >another one I'll have to remember. > > Indeed. I let my browser remember most of my low security online passwords. Most "online" passwords protect no security information at all, it seems. Those passwords aren't for your protection, but for the website's benefit. Letting the browser remember those is an excellent idea. > >Occasionally, I have considered finding out how to set up an encrypted > >file to store all non-crucial passwords. Maybe even set up a few > >encrypted files to try to obscure it a little. > > I use this and find it to be a great way to store passwords and other > sensitive info. You can use gpg or you can use my preferred method which > is loop-aes. Either way, pick something where you're going to type the decrypting passphrase every day; else you risk forgetting _that_. -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
