Writing down usernames and passwords with a pen is insecure in more ways than I will attempt to count.
The sheer number of passwords, however, forces most people to store them somewhere instead of keeping all of them in their heads.
The digital solution is to protect the passwords with another password in a kind of vault (e.g. a file on a password-protected disk, an encrypted volume or file, or a password storage program). [Please note: browsers store passwords in almost cleartext by default!]
Sometimes you are still forced to keep a password written down quickly and easily in an unencrypted environment, such as a piece of paper. (Developing and memorizing a secret code language for this is rather difficult.)
The trick is to write down the password, but with a simple-to-remember twist!
Each pair below shows an example cleartext password first, then its transformed version:
- alaudZAPP1 – alXZaudZAPP12
- persepoleS – pe9lrsepoleSq
- Bo23LOwf3 – BobT23LOwf34
You can insert random letters at the very same position(s) every time to make the written-down text unusable. In this example I chose to insert two characters after the first two letters, then one at the end.
Looking at the passwords on the right and remembering your scheme, you can easily re-type (decode) the original passwords, while an attacker is left with only an obfuscated one.
WARNING: This method is nowhere near as safe as a fully encrypted password and offers only better-than-nothing protection. Common patterns in your password will become visible through this! Never reuse a password: this method reveals any such mistake, and also makes it obvious how you encoded all your other written-down passwords.
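The scheme above as an added Python example (not the author's code): `encode` inserts random filler, `decode` strips it using only the remembered positions, and `leaked_positions` makes the reuse warning concrete by comparing two written copies of the same password. The `SCHEME` format and all function names are assumptions made for illustration, and the second string in the reuse check is constructed.

```python
import secrets
import string

# Assumed encoding of the scheme in the examples above: (position, count)
# pairs; two fillers after the first two characters, one at the end (None).
SCHEME = [(2, 2), (None, 1)]
ALPHABET = string.ascii_letters + string.digits

def encode(password, scheme=SCHEME):
    """Insert random filler characters at the remembered positions."""
    out, prev = [], 0
    for pos, count in scheme:
        pos = len(password) if pos is None else pos
        if not prev <= pos <= len(password):
            raise ValueError("password too short for this scheme")
        filler = "".join(secrets.choice(ALPHABET) for _ in range(count))
        out += [password[prev:pos], filler]
        prev = pos
    return "".join(out) + password[prev:]

def decode(written, scheme=SCHEME):
    """Strip the filler again; only the scheme has to be remembered."""
    orig_len = len(written) - sum(count for _, count in scheme)
    out, prev, shift = [], 0, 0
    for pos, count in scheme:
        pos = orig_len if pos is None else pos
        if not prev <= pos <= orig_len:
            raise ValueError("text too short for this scheme")
        out.append(written[prev + shift:pos + shift])
        prev, shift = pos, shift + count
    return "".join(out) + written[prev + shift:]

def leaked_positions(written_a, written_b):
    """Indexes where two written copies of one reused password differ.
    Everything real matches, so the differences are the filler slots."""
    if len(written_a) != len(written_b):
        return []
    return [i for i, (a, b) in enumerate(zip(written_a, written_b)) if a != b]

if __name__ == "__main__":
    for written in ("alXZaudZAPP12", "pe9lrsepoleSq", "BobT23LOwf34"):
        print(written, "->", decode(written))
    # Constructed second copy of the first password with different filler.
    print(leaked_positions("alXZaudZAPP12", "alq7audZAPP1k"))
```

Running `leaked_positions` over your own notes before relying on them shows whether any two entries already give the positions away.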