@kev @bobstechsite This is a perfect example of academic theory not matching real world use. Anyone studying security academically will always tell you to never write down passwords, but this is a real world scenario where writing it down might actually be the best choice.

@kev In this senario, the most possible attack is from people around you -- family, friends etc. They could gain access with relative ease.

Assuming absolute trust on these people, it would be fine. However, it is not always the case in the real world. A kid might want to hide his / her pwds from the parents, or even Grandma might want to hide her pwds from Grandpa.

I believe that, however, this can be used as 2FA: pwd managaer + pwd book, each storing part of the pwd.

@kev now I'm thinking I should get some password books for my family members.

@kev Great article Kev, I fully agree.

I think it also signals to a deeper point of the importance of having a degree of understanding about the risks with tech we use.

"Grandma" probably understands the concept of lock-and-key better than encryption, so it's possibly best to put her in a UI environment more suited to her knowledge base, which in this case is physical security.

@kev so do you use a password book?

@kev
I actually use one myself at home, and I'm a Unix sysadmin. I do keep it locked up until I need it and then lock it back up once I don't, though, and I only record either very imprtant but hard to remember passwords or passwords I use so infrequently that memorizing them wouldn't be worth the effort.

Some times low tech really does work best.

@kev honestly any form of security that requires physical access is by default going to be fairly secure in the modern age

Like unless you’re high up in tech or the government, no ones going to go to the trouble of breaking into your house in the hopes of finding your email password or whatever

@kev @DialMforMara I make it more secure by now wiring explicitly what password goes with what website, just a hint.

@kev The problem with "password on a post-it" was traditionally office environments, if I recall my 90's/00's correctly. People overgeneralized that to "never commit a password to paper" which is just... wrong? Like, I definitely have my key passphrases recorded on paper, because if I get hit by a bus my wife is going to need access to my files. The paper is just not in a very obvious place. :-)

I think even my credit union gets it: They said not to store my password in a Word document. :-)

@kev I think they're fine, and much better than reusing passwords.

HOWEVER, it does nothing to protect against an abusive or controlling spouse/parent/caretaker/etc.

As always: know your threat model 😊.