Writing Your Passwords Down Is… Good, Sort of
You have probably heard the opposite advice from professionals: that writing passwords down is bad. But you know that if you don’t write passwords down, you’ll forget them. Notice the “forget password” link on most websites? It’s a pretty popular feature.
So the title says that writing your passwords down is… good. Let’s all rejoice.
Okay, don’t get too excited. Notice the “…” between the words “is” and “good”, and notice the “sort of”. Writing your passwords down on post-it notes still isn’t all that good:
- You might lose it
- Someone else might see it
The reason that writing passwords down is good is that it beats using an easy password, that’s it. Easy passwords are easy to guess and to hack, so if you have a difficult password that’s hard to hack but also hard to remember, it’s better to use the difficult password and write it down than to use an easy password without writing it down.
See the nuances above? If you do one thing, one outcome follows; otherwise, a different outcome follows. This is the hallmark of concept learning rather than rote learning. The more you understand the reasons behind a decision, the more soundly you can make it and the more secure you can feel about the outcome. We’ll focus on concepts here.
So, if you have to write it down on a piece of paper, make sure you put that piece of paper away, say in your wallet or something (which is something that you would have to protect anyway… we’ll talk about physical security in future posts).
But better than writing it down on a piece of paper is writing it down using encryption software.
The reason this is a better approach is that a proper encryption tool will scramble the data you write down so that it cannot be reversed without the proper password to the encryption tool, and with the right tool the amount of data you can write down will be much greater than what fits on a piece of paper you carry in your wallet.
So if you choose to write down all your passwords in an encrypted file, you’ll in effect achieve the following:
- The password to your encrypted file is now your MASTER PASSWORD – you just need to remember this password to gain access to the rest of the passwords
- You can now use different and complex passwords for all of your accounts – you no longer have to remember them – you just need to look them up when you need to access an account
You can still use the paper method above to write down the master password physically and put it into your wallet, of course.
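Here is a small sketch of what such an encryption tool does under the hood, added as an illustration and not taken from any particular product: the master password is stretched into a key with scrypt, and the password list is encrypted with AES-256-GCM. The function names, the file layout, the site names and the master password are all made up for the example.

```javascript
// Added example (not from the original post): a password file sealed under a master password.
const crypto = require('node:crypto');

// Stretch the master password into a 256-bit key. scrypt is slow and memory-hard
// on purpose, so each guess at the master password is expensive.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// A different random password for each account: nobody has to remember these.
function newPassword() {
  return crypto.randomBytes(18).toString('base64url'); // 24 characters
}

// Encrypt the entries. File layout (chosen for this example):
// salt (16 bytes) | nonce (12) | auth tag (16) | ciphertext
function lockVault(entries, masterPassword) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Returns the entries, or null if the master password is wrong or the file was altered.
function unlockVault(file, masterPassword) {
  const salt = file.subarray(0, 16);
  const nonce = file.subarray(16, 28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(masterPassword, salt), nonce);
  decipher.setAuthTag(file.subarray(28, 44));
  try {
    const plain = Buffer.concat([decipher.update(file.subarray(44)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample data: made-up site names and a made-up master password.
const sample = { 'mail.example': newPassword(), 'bank.example': newPassword() };
const vaultFile = lockVault(sample, 'correct horse battery staple');
console.log('bytes on disk:', vaultFile.toString('base64').slice(0, 40) + '...');
console.log('right master password:', unlockVault(vaultFile, 'correct horse battery staple'));
console.log('wrong master password:', unlockVault(vaultFile, 'password123'));
```

For everyday use, pick an established password manager or encryption tool rather than your own script; the sketch only shows why the file is useless to anyone without the master password.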
The above method is obviously more cumbersome compared to a single-password approach, but as we said, the risk is now much lower, which, when you consider what the potential risks are, should make choosing this approach a no-brainer. Furthermore, an appropriate encryption system will come in handy for the other confidential data you will naturally have.
But alas, there is no free lunch in the world, so we also have to pay attention to additional issues.
- For maximum safety, you should keep the encrypted file locked most of the time instead of having it open in the background – someone might look over your shoulder sometimes, and you might not remember that it is open when that happens
- You will also have to deal with backing up the files – as you are unlikely to remember the data inside, once they are gone they are gone. But you’ve been backing up your computer, haven’t you? 😉
We’ll talk about encryption and backups in future posts.