9
   

is it safe to write passwords on paper?

 
 
Wed 20 Nov, 2013 03:01 pm
hi,
many times, people working in IT companies strongly advise NOT to write passwords on paper. because, it is assumed that someone might see that password and copy it, so that person might hack into the owner's email account. I have thought of a small trick which makes it practically
impossible to hack the email account even if the password is written on paper.
let us assume that password of my email account is %jAv83LOinFsQ%5 which is basically just random bunch of characters
it is difficult for me to remember such passwords if there are more number of such passwords. so, i write it down on paper, but i will only write it as %jAv83LOinF
BUT, I WILL NOT WRITE THE LAST FOUR CHARACTERS. I will remember them ( that is, sQ%5) So, even if anyone reads the paper on which %jAv83LOinF is written, still even then they cannot know last four characters. so, it is useless to them. If at all they have to hack my email
account, they will have to try different combinations of last four characters which is not practically possible because it will need at least around 25 million combinations or may be even more
please can anyone clear this doubt of mine? it is important to me because if by chance there
is any defect in this procedure which I am not yet aware of, then it will be prone to hackers
 
Butrflynet
 
  3  
Wed 20 Nov, 2013 03:09 pm
@pgmfordownloads,
The whole point of having a long, complicated password that is not easy to remember is to make it extremely difficult for a hacker to be able to figure it out through trial and error and a program to do such testing.

Writing down all but the last four characters eliminates that protection and reduces the security of that password to that of a four character password that can easily be hacked.

pgmfordownloads
 
  1  
Wed 20 Nov, 2013 04:25 pm
@Butrflynet,
yes, you are right...... 4 character password can be hacked easily if large number of login attempts are made... but i doubt websites like gmail, yahoomail, and other reputed sites will allow that many number of login attempts within a short span of time (let's say 7 or 10 days). and there is one more thing.. if i choose 4 characters in a totally random way, then for each character has totally 73 possible values (26 small alphabets+26 capital alphabets+11 special symbols+10 numerals). so, 73 multiplied by 73 multiplied by 73 multiplied 73 means totally 2,83,98,241 combinations.... i seriously doubt gmail or yahoomail or facebook are so naive that there are going to allow such king of login attempts... or do they? i don't know
0 Replies
 
BillRM
 
  1  
Wed 20 Nov, 2013 06:06 pm
@pgmfordownloads,
The length of a password is the most important factor as once all common passwords are gone through by an attacker in a dictionary attack mode then random guesses need to be try and the longer the password the longer the attack will take.

Let see for for this website a brute force attack on the password of able2know%%%%%-<<<<< would take as follow from
Quote:
https://www.grc.com/haystack.htm

Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario:

Assuming one thousand guesses per second) 1.93 trillion trillion centuries
Offline Fast Attack Scenario:

(Assuming one hundred billion guesses per second) 19.31 thousand trillion centuries

Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 19.31 trillion centuries

Note that typical attacks will be online password guessing
limited to, at most, a few hundred guesses per second.


In any case, a very simple password with padding added that you can remember such as 5 "%%%%%" one "-" and 5 "<<<<< would be very safe indeed as in 19.31 trillion centuries
BillRM
 
  1  
Wed 20 Nov, 2013 06:21 pm
@BillRM,
Here is a link to a video that explain the point I am making that the over all length of the password being the most important factor over just randomness that is hard to remember.

http://abclocal.go.com/kabc/story?section=news/consumer&id=8361856
0 Replies
 
roger
 
  1  
Wed 20 Nov, 2013 06:33 pm
@pgmfordownloads,
Your password is then about as safe as your piece of paper. You should probably not tape it on the underside of your keyboard.
0 Replies
 
BillRM
 
  1  
Wed 20 Nov, 2013 07:40 pm
There is a wonderful little exe program for free by the name of locknote that have a notepad type of editor along with AES 256 protection where you can type in all your passwords into locknote and only need to remember one long password to open the locknote program and then y0u can cut and paste your other passwords from the locknote file/program to whatever website you are accessing.

I have all my passwords in a locknote file on a memory stick on my key chain.

To me far better then a piece of paper with passwords on it.

http://sourceforge.net/projects/locknote/


0 Replies
 
maxdancona
 
  0  
Tue 15 May, 2018 03:11 am
Yes, it is usually(*) safe to write passwords on paper. Who are you worried about. In most cases, people finding a slip of paper are not very much of a risk.

Hackers aren't coming into your office looking for pieces of paper taped to your keyboard. That is a really inefficient way to hack people's passwords. The way people steal your password is writing millions of phishing emails, getting password files and usernames, and then writing brute force algorithms to crack your password. They are stealing millions of passwords... they simply don't have time to go into your office.

This isn't always true, of course. You have to understand the situation. If you work for a bank, or a defense contractor; places where there is an obvious target valuable enough that someone would break into your office to steal your passwords, then you should be really careful about security.

But for most of us, the risk is botnets and hackers from Russia. These people will never hop on a plane to look at your paper. In fact... writing passwords on paper might be the most secure place to store them. Passwords on paper will never be found by a worm or a phishing email. They can't be hacked. A piece of paper at my office is accessible to 20 people who I know and trust, plus janitorial staff. And if someone goes through the trouble to break into my home to find my passwords... I am probably already in trouble.

That being said, if I have your piece of paper with the 4 digit trick (or any trick) you make is significantly easier for me to run a brute force attack. You are cutting down the number of combinations I have to try.... and remember I can try millions of passwords per second (and the government can try billions). The reason it is safe is because I will never take the time to steal your paper (not because these tricks are secure).

AND... as I said before. Everyone should be using two-factor authentication on their email password, banking passwords and any other password that might be valuable to a criminal.
0 Replies
 
sdsullivan
 
  0  
Fri 15 Jun, 2018 11:53 am
You can also use your smartphone to store passwords. Create a contact on your phone for site or service needing the password.
With so many new smartphones having a fingerprint or facial recognition access you can store your passwords securely in the notes of the contact.
maxdancona
 
  0  
Fri 15 Jun, 2018 01:44 pm
@sdsullivan,
Well. Your smartphone is connected to the internet. That means it takes one phishing email or security flaw to get at whatever is on it.
0 Replies
 
martinsmith
 
  -1  
Wed 13 Mar, 2019 04:35 am
@pgmfordownloads,
Yes, it is safe to write passwords on paper...
tsarstepan
 
  1  
Wed 13 Mar, 2019 09:38 am
@martinsmith,
martinsmith wrote:

Yes, it is safe to write passwords on paper...

Write your email, password, social security number, home address and phone number, birthdate, mother's maiden name, and a few simple biographical details that may or may not be used for security questions and leave it in the open on your desk at work.

Better yet. Scan or photo the paper and post it on Instagram, Tik Tok, Twitter, Snapchat, and LinkedIn. It'd be so much safer that way.
0 Replies
 
Joness
 
  -2  
Fri 22 Mar, 2019 06:47 am
@pgmfordownloads,
i think no(
0 Replies
 
manishsharma12
 
  -1  
Mon 25 Mar, 2019 04:45 am
Never !! You need to store passwords in the encrypted form in your PC.
0 Replies
 
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » is it safe to write passwords on paper?
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.12 seconds on 12/08/2024 at 07:56:18