Monday, March 22, 2004

Heresy: Write Down Your Password

What have you got in your pockets?

You've got thousands of dollars worth of stuff in your pockets, or your purse. Seriously. You're carrying keys to your eight-year-old Honda, which is worth about $5,000. Your credit cards could bring in thousands of dollars for a crook.

You're carrying the keys to the house where your family sleeps. It's hard to put a price on that.

Do any of your passwords really need more security than your pocket provides?

Here's how writing down a password and putting it in your wallet can improve your security. First, you'll be able to choose a good password. A good password is one that a bad guy can't guess. Bad guys use impressive computer programs to guess passwords that can try millions of passwords every second. It's tough to pick a memorable password that a program can't find. A good password looks like comic-book profanity and normal people can't memorize it. Write down your password and you're free to pick a good one.

Security includes being able to get to your data. If you forget your password, you're exactly as bad off as if a bad guy had crashed your computer. Write it down, and you're secure against your own bad memory. How many times have you lost a password, and how many times have you been broken into?

What if the password belongs to your employer? Well, then you should follow their policy. What if someone sneaks a peek at your wallet? Can't they steal a password when they couldn't steal car keys? Actually, no. There is a book in print that explains how to duplicate someone's keys if you have only a few seconds of access. Your password will be just as safe, or unsafe, as your keys.

What if you lose your wallet in public places regularly? Then get one of the nifty USB flash drives, carry it around your neck, and if you're feeling especially protective, store your passwords with a program like Password Safe from security guru Bruce Schneier.

"But don't all the security people say never to write down your password?", you ask logically enough. They do, and they're right if you need extreme security, if you have a terrific memory, or if you were going to write down your password someplace easy to steal, like your computer.

If you're a normal computer user with normal needs, then the inside of your wallet is probably the right level of security protection.


This page is powered by Blogger. Isn't yours?