F-Secure encourages writing down passwords


Hotmail breach exposes need for more complex passwords.

A security advisor has recommended users write down their passwords to help them remember more complicated combinations.

Writing on the F-Secure weblog, security advisor Sean Sullivan advised people to make a physical note of their passwords.

Following the publication of phished user details earlier this week, Sullivan said: “So what's a popular password? 123456. Brilliant, right? If you haven't done so already, now is a good time to review your personal passwords.

“Here's some good advice, write down your passwords. Yes, seriously. Write them down. People should write down their web-based passwords. That's one way of making sure that you can remember a ‘strong’ password.

“This tends to go against the ‘conventional wisdom’, but it just makes more sense. People use weak passwords because they cannot remember the strong ones.”

Gavin Bradbury, global marketing director of Adeptra, said: “We have published the usual top tips on basic phishing such as avoiding using yellow stickies and using the same passwords, but it is up to all of us to make it difficult to get at and think of something that cannot be guessed.

“If you keep the password on your system, is it safer than keeping it in your diary? You could try writing it down backwards or find some way of storing it, but in a perverse way we are heading back to the ark.”

Stephen Howes, CEO of GrIDsure, claimed that while Sullivan's comments may immediately seem very dangerous, you have to accept that a good many people are doing this already anyway.

Howes said: “Everyone nowadays wants you to have passwords or PINs for everything. The generally accepted statistic is that on average everyone is expected to remember about 12 passwords and that about 40 per cent of people use the same password for more than one login.

“However organisations are increasingly asking people to have complex passwords (e.g. passwords that contain upper and lower case characters and at least one digit) and many corporates in particular expect you to change these every 30 days or so.

“The other school of thought is if writing down your passwords means that you will choose stronger passwords and you will have different passwords for different logins, then so long as you keep these written down passwords in a very safe place then perhaps it's a good thing overall.

“At the end of the day I'm sure most people appreciate the need for security but people also want usability, convenience and ease of use. People lead busy lives and the additional mental workload of trying to have to remember multiple complex passwords is too much for us mere mortals.”

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition
