Ravenwood - 05/27/05 06:30 AM
IT Security gurus are telling people to go ahead and write down their passwords. Their reasoning makes more sense than you might think.
"How many have (a) password policy that says under penalty of death you shall not write down your password?" asked [Microsoft's Jesper Johansson], to which the majority of attendees raised their hands in agreement. "I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."
Just don't leave them on a post-it note stuck to your monitor.
According to Johansson, use of the same password reduces overall security.
"Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it," Johansson said. "If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords."
At this point, I find myself using the "I forgot my password" option regularly. I have so many that on infrequently used sites, it's easier to just get the password reset instantly than it is to remember them all.
-A
Or published on your blog.
18BEERS2cigars15Guns
StevenwoodVTU
heh. Not even close.
(c) Ravenwood and Associates, 1990 - 2014