If there’s one thing people always tell you when it comes to computer security, it’s “don’t write down passwords.” But this phrase should come with an asterisk or something. For example, you don’t want to write your ATM PIN on the back of your ATM card. And you don’t want the password to unlock your work computer sticky-noted to your monitor. But there are plenty of scenarios where writing down passwords is not only OK, but a good idea.
I recently had an experience where I could not remember the password to an encrypted disk image file I had been storing online. I spent days trying to remember what it was, and tried every password I had ever used anywhere. Still no luck. Luckily the files were stored offsite on a drive that was not password protected and I was able to recover them.
Strong passwords are important. What is a strong password? Something that is not easily guessed. I won’t go into too much detail because Lifehacker has a couple of great articles on it already. But to summarize, your passwords shouldn’t be dictionary words, should contain some numbers, some varied capitalization and potentially some symbols. Password Meter is a good place to find out how strong your password is. The more sensitive the account/information, the stronger the password should be. The password for the discussion forums about cat jewelry probably does not need to be as strong as the one for your bank’s website. And if the Gawker Incident wasn’t enough of a warning for you, you should not be using the exact same password everywhere.
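To make the rules above concrete, here is a small checker, added as an example and not code from the post or from Password Meter. It applies each rule from the paragraph (not a dictionary word, has digits, mixed case, symbols) and also estimates brute-force entropy as length × log2(alphabet size), which is why a longer password beats a shorter one even with the same character classes. The tiny COMMON_WORDS set and the 12-character minimum are assumptions for the example; a real checker would load a full wordlist.

```python
import math
import string

# Constructed stand-in for a real wordlist (assumption: a few well-known weak words).
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "qwerty", "sunshine"}

# Assumed minimum length; the post does not give a number, this is a common baseline.
MIN_LENGTH = 12


def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force attacker must search, from the classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += len(string.ascii_lowercase)   # 26
    if any(c.isupper() for c in pw):
        size += len(string.ascii_uppercase)   # 26
    if any(c.isdigit() for c in pw):
        size += len(string.digits)            # 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)       # 32
    return size


def entropy_bits(pw: str) -> float:
    """Upper-bound entropy in bits: log2(alphabet ** length).

    This assumes uniformly random characters; a dictionary word with a digit
    tacked on has far less real entropy, which the rule check below catches.
    """
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def check_password(pw: str) -> dict:
    """Apply the post's rules and return the findings plus the entropy estimate."""
    # Strip digits and symbols so "Welcome123!" is still recognised as a dictionary word.
    core = "".join(c for c in pw.lower() if c.isalpha())
    problems = []
    if core in COMMON_WORDS:
        problems.append("dictionary word")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mixed case")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbols")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return {"bits": round(entropy_bits(pw), 1), "problems": problems, "ok": not problems}


if __name__ == "__main__":
    for candidate in ("password", "Welcome123!", "Correct-Horse7Battery"):
        print(candidate, check_password(candidate))
```

The entropy figure is deliberately an upper bound: it tells you how hard the password is if it were random, and the rule list tells you when it is not. Treat the two together, never the number alone.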
A brief aside about password managers. I highly recommend them. 1Password is a great application and definitely a must-buy for Mac users. LastPass is a browser-based password manager that is geared mostly toward web-based passwords but has the advantage of being accessible anywhere, so you don’t have to rely on having the 1Password application and your 1Password database to retrieve files. All of these password managers tend to have a master password that unlocks access to your stored passwords.
What Passwords Should You Write Down?
The most important passwords to write down are the unrecoverable ones. Most websites nowadays have some sort of password reset tool, so if you forget it’s no big deal, you click “Forgot Password” and you get it back. But the password to log in to your computer, for encrypted disks or your password manager master password are typically not recoverable. Passwords that someone may need in an emergency are also useful to write down.
Where to Write Them Down?
Where to write passwords down is not a simple question because it depends so much on what the password is for. For example, storing your logon password somewhere near your computer at home, even right next to it, seems crazy. But if you have a laptop, and someone breaks into your house, the fact that your password is written down right next to it is irrelevant, because once someone has physical access, it doesn’t matter what your password is[1]. The same goes for WiFi passwords. If someone gets into your house, they don’t need your WiFi password, they can just plug into your router.
Bank account passwords don’t make sense to leave in plain sight, unless you never have people over to your house or you trust the world, but they should be somewhere that someone you trust can get to in case there’s ever an emergency. If you plan for the worst-case scenario, you most likely would want someone to be able to get on your computer if something ever happened to you[2].
Keeping Passwords With You
If you have an iPhone and are using 1Password, their iOS app can sync with your desktop database so that you would have your passwords wherever your iPhone is. But of course you might not always have your iPhone or it might be dead and you may need your passwords. LastPass is a high-tech way around this, but there are low-tech ways as well. First off would be simply having a good enough memory to remember all your passwords, which for most people is not likely. A second option would be creating passwords that are easy for you to remember, but tough for people to guess[3]. Third is to write them down and keep them in your wallet or purse, with a catch…
Something like the Password Card that makes it easy but requires you to use passwords you will never remember. Or make your own password card with some sort of algorithm. One option would be to print a card with lots of fake passwords on it[4] and your real one hidden somewhere on there, where you will remember or recognize it. Of course even if the card is full of real passwords, it’s unlikely a person would know where you have accounts, what your usernames are or which password goes where. You could also re-arrange parts of the password, switch the 1st and 8th characters, or multiply all the numbers by 4, something to mix it up just a bit.
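The do-it-yourself card described above, as an added example (not the Password Card product and not code from the post): it generates decoys that share the real password’s length and character-class pattern so they look similar, as footnote 4 recommends, places the real password at one slot you memorise, and stores it there with the 1st and 8th characters swapped so that even the right slot is not the password as typed. The row/column layout, the decoy symbol set and the slot index are assumptions for the example; the decoys come from the `secrets` module so they are not predictable.

```python
import secrets
import string

# Assumed symbol pool for decoys; matches the kind of symbols a typical password uses.
SYMBOLS = "!@#$%&*"


def decoy_password(model: str) -> str:
    """Return a random password with the same length and per-position character class
    as `model`, so the decoy looks like the real one without revealing it."""
    out = []
    for c in model:
        if c.islower():
            out.append(secrets.choice(string.ascii_lowercase))
        elif c.isupper():
            out.append(secrets.choice(string.ascii_uppercase))
        elif c.isdigit():
            out.append(secrets.choice(string.digits))
        else:
            out.append(secrets.choice(SYMBOLS))
    return "".join(out)


def swap_positions(pw: str, i: int, j: int) -> str:
    """Swap the characters at 1-based positions i and j.

    The transform is its own inverse, so the same function both hides and
    recovers the password. Passwords shorter than max(i, j) are rejected.
    """
    if not (1 <= i <= len(pw) and 1 <= j <= len(pw)):
        raise ValueError("swap positions fall outside the password")
    chars = list(pw)
    chars[i - 1], chars[j - 1] = chars[j - 1], chars[i - 1]
    return "".join(chars)


def build_card(real: str, rows: int, cols: int, slot: int):
    """Lay out rows*cols entries; the transformed real password sits at flat index `slot`."""
    if not 0 <= slot < rows * cols:
        raise ValueError("slot must be within the card")
    entries = [decoy_password(real) for _ in range(rows * cols)]
    entries[slot] = swap_positions(real, 1, 8)
    return [entries[r * cols:(r + 1) * cols] for r in range(rows)]


def read_card(card, slot: int) -> str:
    """Recover the real password from the card: pick the memorised slot, undo the swap."""
    flat = [entry for row in card for entry in row]
    return swap_positions(flat[slot], 1, 8)


if __name__ == "__main__":
    # Constructed sample password for the demonstration; not a real credential.
    real = "Bl4ck-Cat#2011"
    card = build_card(real, rows=4, cols=5, slot=7)
    for row in card:
        print("  ".join(row))
    assert read_card(card, 7) == real
```

Note that a position swap is cleanly reversible, whereas “multiply all the numbers by 4” is not: a 9 written as 36 is indistinguishable on the card from a 3 followed by a 6, so a digit transform needs a rule for that ambiguity (for example, keeping only the last digit of each product) before it is safe to rely on.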
Despite the fact that people have always told you not to write down passwords, it’s not so cut and dried. It’s more important to get in the habit of using strong passwords. If your passwords are strong, it is possible to forget them. So if you need to write down passwords to help yourself, do it, but be smart and creative about it.
[1] This assumes of course your hard drive is not encrypted.
[2] I suppose it’s possible you wouldn’t want this if you had some embarrassing things on there.
[3] See the aforementioned Lifehacker articles for tips on this.
[4] They should look somewhat similar to the real one.