Follow Slashdot stories on Twitter


Forgot your password?

Ask Slashdot: How To Protect Your Passwords From Amnesia? 381

Phopojijo writes "You can encrypt your password library using a client-side manager or encrypted file container. You could practice your password every day, keep no written record, and do everything else right. You then go in for a serious operation or get in a terrible accident and, when you wake up, suffer severe memory loss. Slashdot readers, what do you consider an acceptable trade-off between proper security and preventing a data-loss catastrophe? I will leave some details and assumptions up to interpretation (budget, whether you have friends or co-workers to rely on, whether your solution will defend against the Government, chance of success, and so forth). For instance, would you split your master password in pieces and pay an attorney to contact you with a piece of it in case of emergency? Would you get a safe deposit box? Some biometric device? Leave the password with your husband, wife, or significant other? What can Slashdot come up with?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: How To Protect Your Passwords From Amnesia?

Comments Filter:
  • by wisebabo ( 638845 ) on Wednesday January 08, 2014 @06:34AM (#45896153) Journal

    Tattoo your safe deposit bank number (the bank of which required your biometric identity to get into the vault) on your arm. Maybe you should also tattoo the name of the bank (and address?) there, I seem to remember that he had problems remembering he had a safe deposit box there.

  • Sealed Envelope (Score:2, Informative)

    by Anonymous Coward on Wednesday January 08, 2014 @06:41AM (#45896173)

    IIRC, Nemeth, Hein, Snyder, and Whaley suggest a sealed envelope in a safe (or locked away in a safe place). As soon as the seal's broken, you know that the person(s) who know(s) the combination/has the key indeed needed access to the password (in an emergency), so you may want to change the password in the future.

  • by Anonymous Coward on Wednesday January 08, 2014 @06:44AM (#45896179)

    For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security my passwords then relies on the security guards at the gate.

    This is the way to go.
    The first question you should ask yourself is, if someone have physical access to my computer, do I care if they also have my passwords. If not then a post-it on the monitor will work just fine.
    Otherwise you should ask yourself, do I have any physical place where someone finding out my passwords would be the least of my concerns? If you have a place like that, store your passwords there.
    As long as you don't store what the passwords are for together with the passwords some random stranger getting hold of your passwords won't be that much of a problem anyway.

  • by aaribaud ( 585182 ) on Wednesday January 08, 2014 @07:17AM (#45896331)

    For work-related passwords, my boss has every right to know my passwords if I get sick

    Hmm, no, he has every right to access your professional data for sure, but this does not necessarily require him to know your passwords. Back when I was doing IT for a 25-odd people company, I'd briefed people that their password was like their signature: personal, and if some manager asked them their password, they should redirect the manager to me (happened a few times, each time the request was baseless and rejected, and when there was an actual problem, it was solved without anyone having to let anyone else know their password). Heck, I'd briefed everybody never to tell me their password.

  • by Anonymous Coward on Wednesday January 08, 2014 @07:29AM (#45896373)

    Everyone forgets passwords once in a while.
    Personal Passwords? Most of them can be reset. That is, if that email address still exists. Otherwise it probably wasn't important enough anyway.
    Job passwords? Can be reset
    Government related passwords (like DigiD in the Netherlands)? Reset it online and they'll send you a reset code via ye olde mail
    My girlfriend suffered from a cerebral hemorrhage a couple of years ago.
    Trying to get a new bank pass (she also forgot her PIN) was way more difficult than online stuff recovery.

  • by JackieBrown ( 987087 ) on Wednesday January 08, 2014 @09:22AM (#45896869)

    At work, when one password expires, I update all of my system passwords to match whichever new password I pick.

    I used to come up with clever, difficult to guess passwords. Now that I have to change my password every three months, I just +1 my previous password. Farscape20 is what I was at before I switched shows.

    If my job really expects a challenging password, then it should stop forcing me to update it so frequently. I am simply not imaginative enough (nor do I have the desire) to come up with something unique each time.

The Force is what holds everything together. It has its dark side, and it has its light side. It's sort of like cosmic duct tape.