On Tue, Apr 26, 2011 at 10:49 AM, Eric Wald <[email protected]> wrote:
> On Mon, Apr 25, Nicholas Leippe wrote: > > On Mon, Apr 25, 2011 at 12:53 PM, Aaron Toponce <[email protected]> > wrote: > >> I'm actually surprised that no one has mentioned this, so I'll just drop > >> this here: > >> > >> https://passwordcard.org > >> > >> Yes, there is nothing wrong with writing your passwords down, and > >> keeping it in your wallet or purse. It's how you write them that makes > >> all the difference in the world. > > > > Correct me if I'm wrong, but if your passwordcard is stolen it yields > > a rather small dictionary for an attack on your accounts. > > Better than plain text, but still not very secure--enough so that I'm > > not sure it's worth it. > > Over 25,000 reasonable straight-line passwords; double that to include > spirals. Certainly with range for a dictionary attack, but it would > take long enough that I could re-print the card, print a new card, and > change all of my most important passwords before you're likely to have > cracked even one account. > > Granted, I haven't tried it yet, but I keep telling myself to print out > one with enough numbers for all those 4-digit PINs that are supposed to > be different from each other. I could also see myself using it for > other cases that can't be copied and pasted, such as computer logins. > > - Eric > I like the passwordcard idea......but how do you remember which password goes to which account? Get another card? /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
