Self hosted and air gapped.
And very power efficient
The indexing and search need improvement.
Quantum proof
Honestly, a physical password book isn’t a bad idea.
Not accessible via the internet, and in most cases if someone has physical access to your system you’re done for anyway.
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
Yep. My Dad in his late 70s uses this system and it works great for him.
People make fun of it, but for people with low tech literacy this is actually far better than having a mish-mash of solutions where some of their logins end up automatically saved in iOS on their phone, some are saved in Chrome on the desktop, some are just in their head, they don’t know where anything is, and are constantly losing access and resetting credentials all the time.
And it definitely reduces the burden on me of parental tech support, when it’s all in the book.
“People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down.
We’re all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
Obscure it somehow if you want added security: write “bank” instead of the URL of your bank, transpose some of the characters, leave off your userid. This will give you a little bit of time if you lose your wallet and have to change your passwords. But even if you don’t do any of this, writing down your impossible-to-memorize password is more secure than making your password easy to memorize.”
For the majority of my clients who use this kind of system, it is totally dysfunctional.
Most of the records are incorrect, my guess is that they occasionally reset the password on mobile while the book is inaccessible and then don’t remember to update it in the book later.
Effective use relies on the user’s understanding of umbrella accounts. I’ve had users have separate written entries for “Office”, “Skype”, “Hotmail”, and “Windows” because they don’t understand those things are all one Microsoft Account.
As passwords get updated, it can become a mess of crossed out records with new ones squished into the margins. When someone dies, anything written illegibly can be difficult for surviving family to discern. As the book gets filled out, it can get tricky to keep things alphabetized unless the user provisioned additional empty space between records.
This system can work great for someone who is meticulous, neat, and organized.
For your average person, I’ve had better luck solving the problem with a password manager synced to an online account that is protected by MFA and has recovery options that are also protected by MFA.
I’ve had users have separate written entries for “Office”, “Skype”, “Hotmail”, and “Windows” because they don’t understand those things are all one Microsoft Account.
In fairness to them, I get a new email every month or two from Microsoft letting me know that they merged another account that I didn’t ever ask them to.
The main weakness
is it’s a pain in the ass.
- Won’t generate strong passwords.
- Won’t fill out login forms for me.
- Manual, slower search and copying (worse for dyslexia).
- Increases risk of submitting credentials to wrong site/app (especially malicious ones).
- Increases error of mistyping credentials.
- More effort to back up & retrieve.
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
Watch out for that home grown script kiddie
I see no issue with this, especially for an elderly person, for example, to keep at home. The only way this will get “breached”, is if someone breaks into her home. At that point, the password book is the least of her concerns anyway. In fact, from a cyber security point of view, this is brilliant if kept in a safe place, such as a locked safety box. You can’t really remotely hack a physical book.
her
What?
Sorry, it just read to me like you’re presuming an old person that struggles with tech would be a woman. I should’ve left a more constructive comment.
Oh! Hahahahaha!! Not at all! I specifically had my grandmum in mind, since my grandad has passed long ago.
Oh haha sorry!
So far the combined might of the Russian, Chinese, American and North Korean hacking teams have been unable to crack the post-it note on my desk.
now they know where to look.
If they’re in my apartment I’ve already got bigger problems.
You didn’t know they were coming, didn’t tidy up, and now you feel awkward. The struggle is real.
Add an extra layer of security by putting it in an envelope and stapling it to the bottom of your desk
this is my internet password logbook
That is tight as hell and I love it
you too can have it (not my listing): https://www.depop.com/products/christy19js-rare-1990-sanrio-spotty-dotty/
It’s $55 (I’m assuming USD). Or “4 interest-free payments of $13.75”. On one hand, it’s expensive. On the other hand, it’s bloody brilliant!
Hells yeah thank you for sharing :D
Silly, you just posted a picture of your key now everyone can access your passwords
True, but honestly look at that lock, you can open that with a paperclip.
I still like it.
PSA: Home use? That’s probably okay. Work use? If you’re in-office, this is a ticking time-bomb that can get you fired, one way or another. Use the company 1password or whatever you have access to, please. Thank you.
InfoSec likes nothing more than for you to tell them not to worry because you write all your passwords down and only read emails after you’ve printed them. 100% secure.
In my office I have a list that says passwords, all nonsense and just as a decoy. I have a system that I use for rotation with a visual reminder (by association, not directly) somewhere in my office
KeePass, simple and easy to use! https://keepassxc.org/
* for the tech inclined
Managing sync between mobile and desktop is a bit more complicated than average consumers have the patience for (it’s really not very complicated, average consumers are just impatient)
I’ve found 1password a good compromise. Unbreached so far!
For a lot of people at 60+, writing things down is easier and safer. It will also help anyone that would need to troubleshoot or in the event of death in a very simple way.
i got bitwarden
we might laugh at this but I think this is useful. Even though I wouldn’t use something like this and I’d just use a regular dedicated blank notebook and my password manager, it can be useful to people who have problems with computers and can’t handle a password manager, yet may give pages with good templates to show how to record sensitive information.
I have hundreds of logins, the convenience of a password manager is just too nice.
Exactly this is the reason why I gifted it to someone. I’m already glad they don’t use 1 password for every website.
Oh yeah, this is for my in-laws. This is peak boomer tech right here.
Of the 200 elderly I see maybe 75% still use the book or a variation of it.
The best is when they use iPad notes or even their fucking contacts to save info lol
The best is when they use iPad notes or even their fucking contacts to save info lol
That’s awesome, worrying, adorable, and still more secure than using the same password everywhere.
Sure, it’s a horrible idea in an open office environment but if someone wants to use this at home for all their passwords it really won’t hurt anything.
Especially when helping your parents living in the middle of nowhere.
Seeing them struggle with the changes happening in the last few decades, makes me worry what I’ll be like when i need some young whippersnapper so that I can pay via personal, irrational, conditional thinking.
makes me worry what I’ll be like when i need some young whippersnapper so that I can pay via personal, irrational, conditional thinking.
Sometimes I share this fear.
But then I think - I’m on Lemmy, so I think “I’m still hip to new jazz.”
But then I remember that Virtual Reality will (probably) be commonplace someday, and something somewhere will require it - and I know in my heart that I’ll complain loudly about it before, during, and after I (demand that my grandchild) use it (for me).
It’s actually super useful for old people, who sometimes like to “accidentally log off” and stuff.
Or Microsoft who randomly needs to verify someone’s identity before they can log into their computer but the user doesn’t have a smart phone. So they need to call someone trusted to have them log into their email from a different computer just to get the code so the user can log into their computer.
But that also means they didn’t have access to any saved passwords so a notebook helps.
I really should put Linux on her machine but then I have to show her how to do that too. It’s a lose-lose so I keep it the same.
I miss local accounts.
You can still use local accounts with Windows 11. It’s just a bit fiddly. If you use Rufus to make your boot USB, there’s a bunch of deshitification options you can do.
Best option for non techies at home.
I’ve not found anything better. Storing on my computer, or worse someone else’s computer, doesn’t seem safe.
The trick is to use code language, and don’t forget the code. Then you can use digital sources more freely, I feel.
That Web Addresses placement is killing me.
they just centered the whole thing 🤦
It’s infuriating! 😬
This isn’t the flex you think it is, OP. 99% of cybercriminals are also cowards. Physical security of ANY kind beats even the best password managers.
If you don’t know what lattice-based encryption is and how to purchase it through NordVPN, start reading up because encryption as we know it isn’t long for this world. Pretty sure they already dragged their feet too long on Bitcoin’s algorithm but the day cracking common ciphers is within the grasp of quantum clusters is the day we all become Amish. Plan accordingly!
My understanding is that quantum computing has been taken into account for some modern cryptography. And that memory-hard cryptography basically defeats quantum computing solutions. There are a few methods, but one of them is just very long keys, it’s trivial to make a cryptographic key longer.
So sure, you could defeat some of that with a machine operating with 1024 entangled qubits, (which is… oh man… not an easy task), in which case, wow, congratulations. But what if I increase my key length to 100k? It might take an extra 3 seconds to check the key and log in, but it’ll take an extra 25 years for quantum computing to catch up.
Can’t wait to hand write my 32-bit passwords.
My handwriting comes with free encryption at rest. Even I might not be able to read it.
You haven’t changed your password for 30 days. Reset it now.