Security myths and misconceptions - Writing down passwords is bad

This is the first of a series of short posts to debunk security myths and misconceptions. In today's blog i'm going to explain why writing down passwords is not bad.

Security professionals will freak out when they see something like this:

And admittedly this is a terrible idea. But let's analyze what the problem is.

Is writing down passwords bad?

No, because unless you're a genius or only have very few passwords to remember you have to write them down somewhere, whether it's on a piece of paper or digitally. The human brain is not capable of remembering strong and unique passwords for a big number of accounts. Two years ago I had 107 accounts and it has only grown since then.

But do I hear you think...

"If the Hawaii emergency agency wouldn't have written the password down and would just use a password manager instead, this wouldn't have happened?"

That's absolutely right, from a company you'd expect that they manage passwords in a secure way. But for non tech-savvy people it's not as simple as just using a password manager. There's a usability barrier. But this doesn't have to be a problem. Given the risks a lot of these people face, a better solution can be to write the passwords down, for instance in a password book. Like I explain in this blog the goal is using strong and unique passwords and people should use whatever solution enables them to reach it.

It's how you store them what matters

What if you store your passwords in an excel sheet or a text document that you store on the hard drive of your computer? Would that be more secure than writing them down in a password book that you keep somewhere in a drawer of a cupboard in your house?

No, on the contrary. Your computer is connected to the internet unlike the password book and the risk of your passwords getting stolen therefore is a lot higher.

What matters is where you store and how you safeguard your passwords. Choose the approach that works best for you.

John Opdenakker

John Opdenakker

Blogger | #Infosec | #AppSec | Security awareness | Occasional Public Speaker | Cycling | Running | Enjoying life