back to article Leatherbound analogue password manager: For the hipster who doesn't mind losing everything

News reaches us that will leave password management outfits quaking in their boots. The Conran Shop has a solution for forgetful users, and it is a snip at a mere £22. Users need to remember a bewildering array of passwords just to get through an average day, which can lead to some pretty shoddy practices as revealed in the …

Silver badge

Re: Captain Scarlet: Name > website / Phone No. > password

The built-in keychain works well, and syncs with your iDevices.

0
0

Re: Captain Scarlet: Name > website / Phone No. > password

@fruitoftheloon

LassPass works fine for me, either browser plugin or the app, syncing automatically with my iPhone and Win 10 PC.

1
0
Anonymous Coward

Post-it notes and not those expensive ones, the ones you get at the pound shop. Perfect and they solve that other age old IT problem of having to keep giving everyone your password every time you change it. It's literally right there.

6
1
Silver badge

Who needs Post-it notes? Just do what the NHS does - force users to change password every 3 months so they pick a simple password and stick the month number on the end. Password1 is accepted to make it extra easy to hack an NHS email account.

13
0

Just do what the NHS does...

You fool!! Now everyone knows!!! I'll have to start putting a 2 on the end now!!!! (or some more exclamation marks!!!!!)

12
0
Anonymous Coward

Re: Just do what the NHS does...

Never mind that here medical personnel doesn't even bother any more to ask "it's the birth year, right?" for health cards - it is, for everyone, and everyone knows it. Yes, really.

0
0

Re: Just do what the NHS does...

Here's another NHS secret: Want to break into any nursing home? the door code is 1066.

OTOH - Don't want to break into a nursing home? hmm yes I can see that :-)

2
0
Silver badge

Re: the door code is 1066.

You might want to avoid NHS properties where the door code is 1665.

2
0

What can you trust?

I would trust a notebook, kept in a secure place, as my back-up to any of the fancy, computerised, alternatives. It's not as convenient for daily use, but it can work as part of a system. Some of the risks for me are different from those of a busy office. Different risks mean different answers.

Recent experience makes me wary of password managers. They're software. Software goes wrong. What then?

When did you last test a back-up?

24
0
Happy

Re: What can you trust?

I restored from a backup in June, successfully, I might add.

4
0
Silver badge
Facepalm

Re: What can you trust?

I trusted the solicitor when I last updated my will. Side letter with all the usernames, passwords and account details of all our financial stuff. To be given to my wife should I die.

The solicitor very helpfully photocopied it and sent a copy in the post.

18
0
Silver badge

Re: What can you trust?

Did it include all the usernames and passwords that should not be given to your wife?

8
0
Silver badge

Re: When did you last test a back-up?

I ran a (someone else's) script on Friday and wiped out a decently large amount of one of our network drives.

The backup is being restored today (no snapshots on that drive, so Thursday's tape had to be acquired.

0
0
Silver badge

I do like the cover title

Very discreet. Will certainly deter anyone who's prying.

3
0
Anonymous Coward

Re: I do like the cover title

Like the waste bin in our office conveniently labelled "Confidential".

Well, it was until some wise guy with a pair of scissors discovered that confidential is an anagram of "I can fondle it". At least it's more secure now.

5
0
Silver badge

Telememo watches

Casio still sell a range of inexpensive, reliable watches in a range of styles with a Telememo function. It's a bit fiddly to enter alphanumeric info into them though. A watch is harder to lose than a notebook. You can store a password and don't have to note which account it is for. If you lose your watch it can't necessarily be linked to you by a bad guy. Of course if you do lose your watch it'd be a good idea to have your passwords written down at home stored on waterproof paper in a half eaten jar of mayonnaise at the back of the fridge (or hiding place of your choice)

5
0
Silver badge
Happy

Re: Telememo watches

"...on waterproof paper in a half eaten jar of mayonnaise at the back of the fridge.."

Sadly vulnerable to the EWW Police.

3
0
Silver badge

Re: Telememo watches

And yet I've lost more watches than notebooks.

In face I don't think I have ever lost a notebook, but I've lost at least 5 watches...

I take them off, I don't like wearing them. Notebooks are bulky enough to be in a bag or something.

1
0
Anonymous Coward

I've got a better solution...

We keep all our passwords at home in a book, but it's labelled as "NOT password book".

What could possibly go wrong with that?

(and I'm not joking, we really do have that. It's really just for not so important stuff, and you'd have to break into our house to get it. But I'll post this as AC anyway, just in case)

11
0

Re: I've got a better solution...

>>but it's labelled... we really do have that...

I was about 9 when I stopped labelling books. Was I a prodigy?

2
3
Silver badge

Re: I've got a better solution...

Labelling books, folders and toolboxes is fair enough since you can't see the contents without opening them... it's the labelling of jars 'Kitchen Utensils' (with spatulas and whisks poking out the top) that I don't understand.

16
0
Silver badge

Re: I've got a better solution...

I was about 9 when I stopped labelling books. Was I a prodigy?

Earlier - not by choice - the school insisted all pupils books have a cover - the really really horrible wallpaper I had to use wouldn't take even a permanent marker and any taped labels slid off within a day leaving a slimey sticky patch.

6
0
Thumb Up

@AC: Re: I've got a better solution...

AC,

yup, same here, except for my primary email and e-banking etc..

Jay

1
0
Silver badge

Re: I've got a better solution...

Labelled kitchen jars...it's so you know what they are for when you buy them.

5
0
Silver badge

Re: I've got a better solution...

"it's the labelling of jars 'Kitchen Utensils' (with spatulas and whisks poking out the top) that I don't understand."

I know many of us around here are supposedly "on the spectrum" and have varying amount of trouble dealing with subtext, but come on - that's basically textbook. There are eleventy billion reasons to label something beyond the basic intent to convey apparently redundant information, of which "I told you a hundred times to put it back right here after you used it you bastard!" or "No, you can't use this jar to clean your carb jets keep your pickles in even if you see it empty!" or "Guess what yes I have OCD, do you have a problem with that?" are merely some of the simpler and more benevolent ones...

4
0
Silver badge
Coat

Re: I've got a better solution...

it's the labelling of jars 'Kitchen Utensils' (with spatulas and whisks poking out the top) that I don't understand.

To the Bat Kitchen!

Mine's the black cape.

7
0
Silver badge

Re: I've got a better solution...

"it's the labelling of jars 'Kitchen Utensils' (with spatulas and whisks poking out the top) that I don't understand."

My kitchen utensils are in a jar intended to store spaghetti.

I leave my spaghetti in its wrapper in a cupboard, protected from the smoke from burnt toast, smoky grills, flies etc.

2
0
Silver badge

"it's the labelling of jars 'Kitchen Utensils' (...) that I don't understand."

That's to remind the users to Put It Back Where It Belongs after use. Nifty, isn't it?

0
0
Silver badge

How to waste bad people's time.+

Obviously the big danger is losing it. Which is why I keep mine on a few sheets of A4 and take a photocopy from time to time.

But would you really write your passwords in plain? Surely anyone with half a brain would obfuscate them? Add three random characters in the middle or something? There will then be a lot of frustrated bad people trying and failing to login to your a/c with your p/w

4
0
Silver badge

Re: How to waste bad people's time.+

Or just have one of these books filled with garbage, and keep your real passwords somewhere else. Should waste a few hours of thief/cybervillain/state actor time before they realise...

I used to carry around a MicroSD with all kinds of dodgy files on it (a folder called Project Reticle, a spreadsheet full of random 5-letter groups, an astrophysics PDF with certain letters in the article strategically highlighted, and so on) - just to waste the time of any agent that might stop and search me.

Until somebody reminded me that if they DID stop me, and found said MicroSD, there was a distinct probability that they would lock me up until I told them what it all meant. Which would likely be an extremely long time given that it was garbage.

So I left it taped to the side of a coffee cup in Starbucks. Still wonder from time to time what became of it and if it ever ended up being 'investigated'.

16
0
Bronze badge

Re: How to waste bad people's time.+

I'll just leave this here:

http://www.milk.com/wall-o-shame/security_clearance.html

Title:

What Not To Write On Your Security Clearance Form

A little tale of how a childhood fascination with cryptography led to later life infelicities.

Of course, only criminals and people who have access to U.S. nuclear launch codes imagine the FBI to be "bad people", right?

5
0
Silver badge
Big Brother

Of course what you do is have a little deamon running in the background looking for login attempts against the usernames in your book. Then you know someone is after you.

7
0

Passwords are outdated

I think this really flags up that passwords are an outdated concept. Mock as much as you like abotu writing passwords down, but why in the 21st Century are we relying on a series of characters pressed out on what is quaintly known as a 'keyboard'.

I don't have the solution myself, however I rather do like Microsoft Hello and facial recognition.

I realise there will be many responses saying 'this is not secure enough'

For centuries, people have placed great store in physical keys. You can still see keys for ancient castle doors for instance, so we have a cultural appreciation of keys.

I really dont see why more companies dont use smartcards for authentication. You normally have a smartcard on a lanyard, and this is used to open doors within the building.

OK, for the home user and e-commerce sites you wont have a company smartcard. But increasingly we see two factor authentication using a one-time code sent to a mobile phone.

0
10

Re: Passwords are outdated

This does not work. Here are the problems:

Facial recognition: Systems can be fooled by photos in some cases. Models can be created from video footage and sent to the systems. If compromised, the user can't change their face.

Smart cards: Relatively expensive. Must be written by extra hardware, so a copy of data on the card is usually available. No reader for most cases where they are needed.

More clearly, keys are considered useful because they have what passwords have. They're hard to just guess in most cases, so they act as a delay. They won't keep someone out forever if they are determined, but they make it hard to just open the door. When there is a problem with them, they get changed. Keys and passwords can be hidden. Faces can't, and smart cards can only if every system they get used on are trusted.

3
0
Gold badge

Re: Passwords are outdated

Apart from all the problems mentioned, it's silly to call a system (i.e. passwords) outdated, when you don't know what their replacement should be.

Now if you'd said passwords are a rubbish idea, almost everyone would agree with you. It's just that most of the other ways of doing this are rubbish as well.

I suspect there may never be a killer solution that is cheap enough to use in all circumstances, while also being very secure (total security being a mythical concept). So we'll end up picking the best of various dodgy compromises, depending on circumstances and budget.

1
0
Silver badge

Gorge yourself to huge obese blob proportions.

Lose the gained weight.

You now have lots of folds of excess skin.

tattoo your passwords there (on skin "folds" underside so casual thief will not notice)

Bar life threatening injury / severe skin disfiguring illness, your credentials are safe

CBA with joke icon

7
0
Anonymous Coward

That's all fine until somebody watches you doing a handstand.

6
0
Silver badge
Trollface

Well sure, but they'd be left to wonder why their freshly stolen "wow" passcode doesn't work, when they read off the true "mom" one upside down...

5
0
Silver badge

As recommended by Bruce Schneier

Write Down Your Password

Well - it was a long time ago.

3
0

First Pet, and Mother Maiden Name

Yep im looking to the future, where all passwords can be easily remembered by their password hints, will save acres of paper and plasti binding.

Just a flip card should do, 50p. Usually i get people to tell me these things anyway, as passwords are so complicated, it comes down to....... Fluffy , Armstrong :)

2
0
Devil

Re: First Pet, and Mother Maiden Name

All easily available from you (or partner/friend) facebook timeline...

next please

2
0
Joke

Missed a trick

The cover title should be SDROWSSAP, so the servants can't understand it...

3
0
Silver badge
Trollface

Re: Missed a trick

Luxury binding, with title on the spine in exquisite calligraphy: "Theof Houseman - Bookword pass"

1
0

It's kinda funny, because my parents, now into their 70's, were worried about their online security (a good thing) after hearing that they shouldn't write all their passwords down on a piece of paper from a number of news articles.

Except that piece of paper is in their house, in their basement, in their office area, in a drawer near their iMac. Literally no one other then them or I will ever look in that drawer and see that piece of paper, and they never have to worry about forgetting a password. But the media sure did a good job of scaring them into thinking they were doing something wrong, even though their attack footprint was impossibly tiny.

Anyways, only mentioning this because it inconveniences me, and that's the worst inconvenience of all.

11
0
Silver badge
Unhappy

"Except that piece of paper is in their house, in their basement, in their office area, in a drawer near their iMac. Literally no one other then them or I will ever look in that drawer and see that piece of paper, and they never have to worry about forgetting a password. "

I once attended a Neighbourhood Watch event where a policemen gave tips on securing your home.

One thing he mentioned was that thieves would look in the right hand* drawer of desks because this is where people would put things like spare car keys, burglar alarm codes and so on.

I got home and investigated my own right hand drawer, and was surprised how much stuff like that I had there.

* presumably that would be left hand drawer for left handed folks

1
0
Silver badge

I’m right handed, but would put stuff in the left hand drawer, as I use the left hand to open the draw and the more dexterous right hand to move things in and out.

3
0

Forgetting password is very rarely a disaster

If you are really you, there is usually a way to get it back, so long as the organisation has a working email address for you on record.

But someone else getting your password can be very nasty.

Therefore it is more important to keep your password from others than it is to make sure you can always find it yourself.

The real problem comes when your descendants try to deal with your account. But people who think logically don't worry about that.

(As I have recently found, for sensitive sites your registered address should match your "From" address. One that you use only for receiving can cause people to be suspicious when you reply from a different one.)

1
0
Silver badge

It's small enough

Roughly the area of a credit card. So you can store it somewhere very, very safe.

Just as long as no one watches you getting it out.

0
0

At least it encourages people to use different passwords for each site.

It's probably more secure than trusting a browser to remember the credentials.

I am not a big fan for password recovery by email. Gmails near monopoly means that they have an easy opportunity to snoop.

2
0

I see your point, but any good system will send you a link that you have to click on, and then you reset your password from there. Short of jumping in ahead of you, which would be a bit obvious, they can't know your password. Of course, they can take some good guesses if they have an evil turn of mind.

2
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018