Ask Slashdot: How To Protect Your Passwords From Amnesia? 381
Phopojijo writes "You can encrypt your password library using a client-side manager or encrypted file container. You could practice your password every day, keep no written record, and do everything else right. You then go in for a serious operation or get in a terrible accident and, when you wake up, suffer severe memory loss. Slashdot readers, what do you consider an acceptable trade-off between proper security and preventing a data-loss catastrophe? I will leave some details and assumptions up to interpretation (budget, whether you have friends or co-workers to rely on, whether your solution will defend against the Government, chance of success, and so forth). For instance, would you split your master password in pieces and pay an attorney to contact you with a piece of it in case of emergency? Would you get a safe deposit box? Some biometric device? Leave the password with your husband, wife, or significant other? What can Slashdot come up with?"
Do what Jason Bourne did (Score:5, Informative)
Tattoo your safe deposit bank number (the bank of which required your biometric identity to get into the vault) on your arm. Maybe you should also tattoo the name of the bank (and address?) there, I seem to remember that he had problems remembering he had a safe deposit box there.
Sealed Envelope (Score:2, Informative)
IIRC, Nemeth, Hein, Snyder, and Whaley suggest a sealed envelope in a safe (or locked away in a safe place). As soon as the seal's broken, you know that the person(s) who know(s) the combination/has the key indeed needed access to the password (in an emergency), so you may want to change the password in the future.
Re:A piece of paper in a drawer (Score:2, Informative)
For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security my passwords then relies on the security guards at the gate.
This is the way to go.
The first question you should ask yourself is, if someone have physical access to my computer, do I care if they also have my passwords. If not then a post-it on the monitor will work just fine.
Otherwise you should ask yourself, do I have any physical place where someone finding out my passwords would be the least of my concerns? If you have a place like that, store your passwords there.
As long as you don't store what the passwords are for together with the passwords some random stranger getting hold of your passwords won't be that much of a problem anyway.
Re:A piece of paper in a drawer (Score:5, Informative)
For work-related passwords, my boss has every right to know my passwords if I get sick
Hmm, no, he has every right to access your professional data for sure, but this does not necessarily require him to know your passwords. Back when I was doing IT for a 25-odd people company, I'd briefed people that their password was like their signature: personal, and if some manager asked them their password, they should redirect the manager to me (happened a few times, each time the request was baseless and rejected, and when there was an actual problem, it was solved without anyone having to let anyone else know their password). Heck, I'd briefed everybody never to tell me their password.
Re:Don't need even that (Score:2, Informative)
Everyone forgets passwords once in a while.
Personal Passwords? Most of them can be reset. That is, if that email address still exists. Otherwise it probably wasn't important enough anyway.
Job passwords? Can be reset
Government related passwords (like DigiD in the Netherlands)? Reset it online and they'll send you a reset code via ye olde mail
My girlfriend suffered from a cerebral hemorrhage a couple of years ago.
Trying to get a new bank pass (she also forgot her PIN) was way more difficult than online stuff recovery.
Re:A piece of paper in a drawer (Score:4, Informative)
At work, when one password expires, I update all of my system passwords to match whichever new password I pick.
I used to come up with clever, difficult to guess passwords. Now that I have to change my password every three months, I just +1 my previous password. Farscape20 is what I was at before I switched shows.
If my job really expects a challenging password, then it should stop forcing me to update it so frequently. I am simply not imaginative enough (nor do I have the desire) to come up with something unique each time.