undefined | Better HN

0 pointskikoreis4y ago0 comments

Yes, but let's be fair, it's a galaxy better than writing it on a post-it or password booklet, and still way better than using a memorable passphrase which will get reused and then leaked.

Besides, you can encrypt the local storage with a master password (and if you accept online as a requirement, you could even add 2FA to that).

0 comments

Mordisquitos4y ago

A (well handled) physical password booklet is much more secure for the average home user, who is unlikely to ever be individually targetted by a third party attacker, let alone to the level of the attacker physically breaking into their home. My parents being victims of a zero-day vulnerability or installing a malicious application by mistake are much more realistic scenarios than their house being broken into and their password booklet being stolen by a thief who is meticulous and observant enough to take it and know how to make use of it.

Not only that, I would argue that a physical booklet is not only more secure but also safer. Nothing short of a house fire will destroy the booklet, and however much I like to rave about old-school ThinkPad durability, I don't think my locally stored encrypted database would survive that either.

ta894895444y ago

A password booklet works well at home, but it's obviously much less secure if you wanted to sign in to a service while in public on your phone for example. One of the major benefits of a password manager is that your passwords are present, encrypted, on all of the device you need them on. Most people don't only need passwords at home, so the odds of theft or loss of the password book are much higher than your example makes it out to be. If we're talking about an average user, the solution of only sign into services at home isn't really an option.

eherot4y ago

You are correct that the access security of a booklet is almost certainly better than that of a password manager. The issue with the booklet is that humans do not like transcribing long strings between computer and paper so (at least in my experience) people who use the booklet method tend to eschew longer passwords, they tend to avoid creating new passwords when they can re-use an old one, and they don’t change the passwords very often (if at all). Also in the event that the booklet is ever lost or stolen (which is made significantly more likely by the fact that you must carry it around with you everywhere in this age of the pocket computer), you are suddenly in a very bad place.

bryanrasmussen4y ago

>Yes, but let's be fair, it's a galaxy better than writing it on a post-it

the modern security hazard is not someone reading your post-it that is sitting on your desk, it is someone remotely getting access to some part of your computer or some service you own that can tell you what the password is.

The post-it note in our world is more secure than lots of things that have replaced it.

on edit: I see Mordisquitos said it better than I.

m-p-34y ago

The password booklet can be secure if you have good physical security, and is immune to a software zero-day and autocomplete exploits.

teknopaul4y ago

this x 10, computer security is usually flawed, personal security is (bar a few war zones) much better.

weswpg4y ago

there are a lot of war zones in this world though. given that and the number of Third World countries with high levels of crime and poor public security, I suspect that a significant percentage of the worlds technology-using population might have better digital security than physical security

m-p-34y ago

It's always about evaluating your OPsec and tailoring it to your needs and threat assesment.

WindyLakeReturn4y ago

>but let's be fair, it's a galaxy better than writing it on a post-it or password booklet

Is it? If someone is physically in your home you are in greater trouble anyways and even then they likely aren't going to be grabbing a notebook. Just keep it somewhere nearby but hidden (notebook in a drawer on the desk).

j / k navigate · click thread line to collapse

0 comments

Mordisquitos4y ago

ta894895444y ago

eherot4y ago

bryanrasmussen4y ago

>Yes, but let's be fair, it's a galaxy better than writing it on a post-it

The post-it note in our world is more secure than lots of things that have replaced it.

on edit: I see Mordisquitos said it better than I.

m-p-34y ago

The password booklet can be secure if you have good physical security, and is immune to a software zero-day and autocomplete exploits.

teknopaul4y ago

this x 10, computer security is usually flawed, personal security is (bar a few war zones) much better.

weswpg4y ago

m-p-34y ago

It's always about evaluating your OPsec and tailoring it to your needs and threat assesment.

WindyLakeReturn4y ago

>but let's be fair, it's a galaxy better than writing it on a post-it or password booklet

j / k navigate · click thread line to collapse