What Could Happen If You Write Down Your Passwords

Writing Down Passwords

In early 2018, the whole state of Hawaii plunged into a panic after an employee of the local emergency management agency clicked the wrong button and accidentally sent out a false missile alert. Not surprisingly, people at the agency received the obligatory flak for the procedures they had set up, which, to a certain extent, was well deserved. Just as the dust was starting to settle, however, someone came across an old photograph which immediately prompted many to point more fingers and throw more allegations.

A password on a piece of paper

The picture was taken several months before the missile alert, and it showed an agency employee posing in front of an arrangement of monitors. The photo showed that the Hawaiian Emergency Management Agency was using Windows 7 and Internet Explorer which is normally enough to get many security specialists hot under the collar. Most people weren't paying attention to the old software, though. They were more focused on a sticky note stuck to one of the monitors which contained a password for one of the agency's internal applications.

The subject of writing down passwords on paper was brought back into the limelight, and some people were in a hurry to point out how this is quite possibly the biggest security sin you can commit.

An old-fashioned solution to a modern problem

We reckon that before they start calling users out, critics should probably stop and think about why people feel the need to write their passwords down.

You have probably grown sick of hearing what a good password is. You know that protecting all accounts with easy-to-guess passwords is not a very good idea and that reusing the same password is even worse. Some people try to stick to the experts' advice, but they are immediately faced with the problem of remembering all the unique, long, and complex passwords. For many, writing them down on a piece of paper seems like the easiest, most logical solution. But how risky is it exactly?

It's all about risk assessment

The photo of the Hawaiian Emergency Management Agency employee posing next to a yellow sticky note with a password written on it shows that this habit can sometimes have serious potential consequences. The truth is, however, this is just one situation. There are many others in which scribbling down a password on a piece of paper wouldn't be such a big problem. To decide whether or not to do it, you need to take into account your (or your organization's) threat model.

The first thing to consider is the environment in which you store passwords on pieces of paper. At an organization, people often need to share passwords, and the sticky note, for all its drawbacks, is among the most popular choices. Unfortunately, mistakes are made quite often. In some cases, it might be fine to write the password on a piece of paper and make it visible for everyone who is going to use it, but this should only be done if no outside people enter the office. As Hawaii's Emergency Management Agency employees can testify, if you expect a visit from a camera crew, the sticky notes should be hidden out of view.

A similar assessment must be applied at home as well. Usually, you trust the people you invite in your house, but this doesn't mean that you're willing to share your passwords with them. If you insist on using a pen and a piece of paper, consider writing the passwords down in a notebook, and putting the notebook away from plain sight. You rarely need to share a password at home, so compared to a sticky note, this is by far the wiser solution.

Some say that even this is a bad idea because of burglars, but for many, this is not a viable argument because if someone does break into your house, they will be after your television, not your passwords. There's a reasonable amount of truth in this, but even so, you can still take some precautions that can keep your accounts safe in case your notebook of passwords falls into the wrong hands.

For example, you can add some additional characters to the beginning of each of your passwords and some more at the end. That way, if someone tries to log in to your account with what they see in the notebook, they won't be able to get in, yet because you know the pattern, you will know which characters you need to remove to get the actual password.

The easier option

Writing down passwords on a piece of paper does solve the problem of trying to remember them all, and if you're careful enough when considering the risks, you can make the most of this rather crude technique. It does have its problems, though. For example, nowadays, we often need to use our login credentials on multiple devices which means that the notebook of passwords might not be the most practical solution.

And in any case, why rely on old technology when the 21st century has given us a much more convenient, advanced, and comprehensive way of solving the problem? A dedicated password management application like the Cyclonis Password Manager can store and encrypt not only your passwords, but also your payment and account information, and it can even save you the hassle of entering it when signing up for a service or completing an online purchase. With it, creating a strong new password, a challenge at the best of times, is as easy as clicking a couple of buttons. You only need to remember a single master password. Click here to learn more about Cyclonis Password Manager.

March 18, 2019