Breaking from traditional advice and often strict company policies against allowing employees to write down passwords, Bruce Schneier, CTO of Counterpane Internet Security pointed out that, "people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down".
Schneier suggested that people write their valuable passwords on a piece of paper and keep it in their wallets. "Obscure it somehow if you want added security: write 'bank' instead of the URL of your bank, transpose some of the characters, leave off your userid," he explained.
Jesper Johansson, senior program manager for security policy at Microsoft, agreed. "If I write them down and then protect the piece of paper – or whatever it is I wrote them down on – there is nothing wrong with that. That allows us to remember more passwords and better passwords," he said at a conference hosted by Australia's Computer Emergency Response Team.
"Writing down your impossible-to-memorize password is more secure than making your password easy to memorize," Schneier added. And those who already follow this practice are breathing a sigh of relief.
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
