Why you should write your passwords down


I wrote earlier this week about the trouble Jeremiah Grossman had recovering a forgotten password. Though it should have been a fairly simple matter with an online service equipped with a "forgotten password" feature, the problem in this instance was that the password was required to access an encrypted offline volume.

And as the CTO of a security vendor, Grossman was intimately aware of the dangers of data leakage. This meant that he opted for the strongest encryption available, which in this case turned out to be the very robust 256-bit AES encryption.

In his analysis, Grossman estimated that cracking the file via a brute-force approach would take "multiple decades of cracking" at current processor speeds. You may want to read "How a security professional had to crack his own password" to find out how he eventually gained access to his data.

Regularly changing passwords, coupled with the complex rules of doing so, make forgetting one's password a "when," not "if" situation. Obviously, the use of password managers would be useful--except that they won't be much help should you forget your latest login password for your BitLocker protected Windows laptop.

So how about writing your password down on a separate device, or gasp, maybe even on a piece of paper? Personally, I record my passwords on my smartphone, which is never kept in my laptop bag. Of course, while this protects me against the theft of my laptop bag, it won't be terribly useful if I ever get mugged. Then again, it doesn't seem like a bad idea considering the alternative: Trying to figure out a forgotten password for hours or even days.

What about you? Have you ever forgotten a password, and how do you ensure that important passwords are never forgotten? As usual, I look forward to hearing from you via a tweet, email, or note in the comments section below. - Paul Mah  (Twitter @paulmah)