[SecurityNews] Should you write down your password?

in #securitynews, 7 years ago

Welcome to [SecurityNews] where we go through important security concepts using clear language and focusing on important topics for everyone.

Passwords are our current focus, and you can view our last post on this topic here, about using a password manager to store and use really complex passwords. You don't even need to remember them!

A classic tech support story is the tale of the executive manager who writes down all the really important company passwords on a post-it note, and then sticks it on the monitor on his desk. Stupid, right?!?

Well, it depends. While you should use a password manager to store your passwords, you still have the threat of a network-based attack.

Keeping your passwords in plaintext, on your desk, opens a different threat. If someone walks through your office and views the password, they can then use it back at their desk. This includes employees, cleaning staff, contractors and more. To make it clear... writing down your passwords is normally a bad idea, and they should not be visible to anyone else.

However, there are exceptions. If you have a lockable safe in your office, you can put passwords there. In fact, you should put your crypto passwords in a safe. This protects against your computer or mobile suddenly exploding and leaving you unable to access your funds. By the way, you should also put a full description of how to use that password, in case you pass away and your family needs to access those funds.

If you do not have a lockable safe, then please just use a password manager. Most of them can store notes as well as passwords, and are protected on your computer. This does mean you need your computer to be secure though, a topic we will look at in the next lesson.

Another exception is one that really should go away soon. Older computer systems often do not have good access management, meaning everyone uses one account and one password. In that case, the password is shared around freely and everyone knows it. If you have such a system, consider some type of protection where the user has to log in with their credentials. For instance, allow access to the old system only via a server that only authorised people can access. Put the password on a note on that server, and suddenly nobody needs to view the password!

Thank you for reading! Please help us out by spreading the word and sharing this with one friend or on social media.