Hacker News
by Drakim 1114 days ago
Yeah, I reacted to that too. It's like nonchalantly saying that you have all your passwords written on post-it notes at your desk.

The topic of discussion shouldn't be how to secure your desk from spying eyes, but about why having post-it notes with passwords is bad practice and just a bad idea overall.

If your private github repo accidentally goes public, the response should be "that's annoying but ultimately harmless", anything else is misguided.

1 comment

Post-its for passwords are better practice than memorizing passwords. If you can memorize it, it is a bad password. Password managers are better yet, but you still need the master password.

The problem is not keeping those passwords in a secure location; treat them like a stack of $100 bills.

For your home desk? I can buy that. But for your work desk? No way is that even remotely more acceptable than having a memorizable password.

You don't leave them on the desk. Lock them up with a key. Every office gives you a file cabinet that locks.

That's basically an analog password manager; we have gone full circle.

Or, returning the metaphor to github repos, having a separate cabinet is like having a secret vault so that secrets are not directly in plain view in the repo itself, which is exactly what you should be doing.

Not quite full circle, as we have now agreed that writing your passwords down on paper is acceptable.

I'll grant you that, it's not the medium that matters. But pen on paper wasn't my objection, it was the post-it note on the bezel of your monitor.
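The practical point the thread lands on, that a repo should contain no secrets at all so an accidental leak is "annoying but ultimately harmless", is normally enforced with a secret scanner that runs before a commit is accepted. The following is an added example written for this page, not code from the thread or from any of its participants: a small pre-commit style scanner that flags key-shaped tokens and high-entropy credential assignments in the lines it is given. The rule set, the entropy threshold and the sample lines are assumptions constructed for the example; the one AWS-style key value is the placeholder key AWS itself uses in its documentation, not a real credential.

```python
"""Minimal pre-commit secret scanner (added example; rules and samples are constructed)."""
import math
import re
import sys
from collections import Counter

# Ordered rules: specific token shapes first, a generic heuristic last.
# The first rule that matches a line wins, so each line is reported once.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    # KEY=value style assignments whose name looks credential-like; only the
    # value (group 1) is captured, and only values of 16+ characters count.
    ("high-entropy-assignment",
     re.compile(r"(?i)(?:password|passwd|secret|token|api[_-]?key)[a-z0-9_]*"
                r"\s*[=:]\s*[\"']?([^\s\"']{16,})")),
]

# Bits per character below which an assignment is treated as a placeholder
# (e.g. "changeme"). This threshold is an assumption of the example.
ENTROPY_THRESHOLD = 3.2

# Constructed sample input standing in for `git diff --cached` output.
# Line 1 uses the AKIA... placeholder from AWS documentation; line 4 is a
# made-up hex string; line 5 is only a PEM header, no key material.
SAMPLE_LINES = [
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "DB_PASSWORD=changeme",
    "DEBUG=true",
    "SECRET_KEY=9f86d081884c7d659a2feaa0c55ad015",
    "-----BEGIN RSA PRIVATE KEY-----",
]


def shannon_entropy(s: str) -> float:
    """Shannon entropy of the string in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_lines(lines, entropy_threshold: float = ENTROPY_THRESHOLD):
    """Return one finding per offending line: {'line', 'rule', 'preview'}.

    The preview keeps only the first four characters so the scanner's own
    output does not become another place the secret is written down.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for rule, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.lastindex else m.group(0)
            if rule == "high-entropy-assignment" and shannon_entropy(value) < entropy_threshold:
                continue  # low-entropy value: treat as a placeholder, not a secret
            findings.append({"line": lineno, "rule": rule, "preview": value[:4] + "..."})
            break
    return findings


def main(argv):
    """Scan the files named on the command line, or the sample if none given."""
    if argv:
        lines = []
        for path in argv:
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines.extend(fh.read().splitlines())
    else:
        lines = SAMPLE_LINES
    findings = scan_lines(lines)
    for f in findings:
        print(f"line {f['line']}: {f['rule']} ({f['preview']})")
    # Non-zero exit is what makes a pre-commit hook reject the commit.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with no arguments it scans the embedded sample and exits non-zero, which is the behaviour a pre-commit hook needs; pointed at files it scans those instead. Two design choices matter: specific rules run before the entropy heuristic so a line is never reported twice, and the entropy gate keeps obvious placeholders out of the report, at the cost of missing a real secret that happens to be a dictionary word, which is the usual trade-off of this kind of scanner.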