by bigiain 5061 days ago
Unfortunately, my AppleID password is one I _do_ need to remember - I need to use it often, and in places that 1Password won't auto fill. At least: the iCloud website login, various iDevices when using app store, and iTunes on several machines (all on the home sharing network). The alternative seems to be to have all those devices "remember" my AppleID password, which seems like a security lose.

Unfortunately, my AppleID password is one I _do_ need to remember - I need to use it often, and in places that 1Password won't auto fill.

Write it down on a piece of paper (or use a password manager that will show your password).

Back in the 1990s, "writing down passwords" was considered a huge security hole.

Nowadays attack vectors have changed, and it is probably safer than using a memorable password.

The alternative seems to be to have all those devices "remember" my AppleID password, which seems like a security lose.

If your devices are physically safe, and iCloud has remote log-out (does it?), then this may be safer too.

Not disagreeing with you, but think of all the times you need your AppleID on the go. Carrying around a piece of paper may not be feasible or ideal.
The strong password has value. Credit cards and cash have value.

Write the strong password on a credit card sized bit of paper, and keep it in your wallet.

People tend to keep their wallets safe.

Most people can learn complicated passwords after a few days or weeks of use, so you can keep the paper in a safe place at home once you've learnt it.

Worst advice ever. Now you only need to lose your wallet and you're in the same situation as the article's. The old advice is still sound.
A random string of characters in a wallet doesn't have a lot of value. Of course, don't write down what that string is for, and make sure you have another copy at home. If you are really concerned, leave off the first character of your password and remember that.

The truth is that 2-factor authentication is the real solution. But one has to make do with imperfect solutions.

No.

Writing your password / passphrase down allows you to choose a good, strong password. You do not give anything that links that password to a particular service.

Most people will only need to refer to the written password for a week or so, and then they will remember it.

You put the piece of paper in the wallet because you want people to treat it like a 50 dollar bill. People leave bits of paper anywhere, but they don't leave 50 dollar bills everywhere.

Not writing down the password? Yeah, we see how well that works. (https://www.google.co.uk/search?q=most+popular+passwords)

It is baffling to me that authenticating to computers, software, and services is still so weirdly broken. Especially since there are now billions of dollars involved in it.

You don't need to link it to any particular service. There is a 99% chance the person has a gmail/facebook/twitter/live account.
If you label the passwords you're probably doing it wrong. If someone pulls a piece of paper that says "QWhXnLv0qzi1h1m" out of my wallet, how are they going to use it?

If you're worried about someone stealing it, just shift the password over, so it's now "mQWhXnLv0qzi1h1 > 1" on paper.

Any tech-savvy person knows that has a strong possibility of being a password. Grab an ID, google "your name gmail", log in.

The kind of weak encrypting scheme you can remember is easily defeated; this is still very vulnerable even if you leave one or two letters off (which you'll have to remember in addition to the scheme). So, going back to the parent, no, this isn't safer than a password in your head.

There are strong/long passwords that are easy to remember:

%Thisspasswordd1s1nhonor..ofmy246catSS!!

http://xkcd.com/936/

Having a 20-30 character long password is fairly easy. It may not be 100% random, but (correct me if I'm wrong) a password that long with just a handful of random extra letters and numbers is going to be rather easy to remember and probably going to be just as hard to brute-force.

You have to be careful when adding some random characters, because most cracking software includes dictionary mangling options.

Thus, option, 0ption, opt1on, etc. all get mangled into a wordlist, while )*&HD@IHU doesn't. Yes, it still increases difficulty, and they are much easier to remember, but people need to be careful.
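The last two comments (the "handful of random extra letters and numbers" idea, and the warning that crackers mangle dictionary words) can be made concrete. The following is an added example, not code posted by anyone in the thread: a miniature version of the rule-based "dictionary mangling" that password crackers perform, applied to a constructed four-word wordlist, plus the usual log2 size-of-search-space comparison. The rule set (three case forms, the leet substitutions o/i/a/e/s -> 0/1/@/3/$, and a 0-99 numeric suffix) is an illustrative assumption; real tools ship far larger rule files and wordlists.

```python
"""Added example (not from the thread): a tiny dictionary-mangling engine.

Shows why 'opt1on' or 'Opt10n42' is only a few bits stronger than 'option',
while a string like ')*&HD@IHU' is simply not in the candidate set at all.
Wordlist and rules are constructed for illustration and are much smaller
than what a real cracker uses.
"""
import itertools
import math

# Constructed sample wordlist (real ones have millions of entries).
WORDLIST = ["option", "password", "correct", "horse"]

# Common leet substitutions; the engine tries every subset of them.
LEET = {"o": "0", "i": "1", "a": "@", "e": "3", "s": "$"}

# Numeric suffixes "0".."99"; note none of the base words end in a digit,
# so every base+suffix string is produced exactly once.
SUFFIXES = [""] + [str(n) for n in range(100)]


def leet_variants(word):
    """Every variant where any subset of substitutable letters is swapped."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    out = set()
    for r in range(len(positions) + 1):
        for subset in itertools.combinations(positions, r):
            chars = list(word)
            for i in subset:
                chars[i] = LEET[chars[i]]
            out.add("".join(chars))
    return out


def case_variants(word):
    """Lower, Capitalised and UPPER forms (upper has no lowercase to leet)."""
    return {word, word.capitalize(), word.upper()}


def mangle(word):
    """Apply case rules, then leet rules, then append each suffix."""
    cands = set()
    for cased in case_variants(word):
        for leeted in leet_variants(cased):
            for suffix in SUFFIXES:
                cands.add(leeted + suffix)
    return cands


def mangled_dictionary(words=WORDLIST):
    """Full candidate set a cracker would try against these words."""
    d = set()
    for w in words:
        d |= mangle(w)
    return d


def in_cracker_dictionary(candidate, words=WORDLIST):
    """True if the candidate would be guessed by this rule set."""
    return candidate in mangled_dictionary(words)


def search_space_bits(n_candidates):
    """log2 of the number of guesses an attacker must make."""
    return math.log2(n_candidates)


def random_string_bits(length, alphabet_size=95):
    """Bits for a uniformly random string over printable ASCII (95 symbols)."""
    return length * math.log2(alphabet_size)


def passphrase_bits(n_words=4, wordlist_size=2048):
    """Bits for n_words chosen uniformly from a list, the xkcd 936 model."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    d = mangled_dictionary()
    for cand in ["0ption", "opt1on", "Opt10n42", "P@$$w0rd", ")*&HD@IHU"]:
        print(f"{cand:12} in cracker dictionary: {cand in d}")
    print(f"mangled dictionary: {len(d)} guesses, {search_space_bits(len(d)):.1f} bits")
    print(f"9 random printable chars: {random_string_bits(9):.1f} bits")
    print(f"4 words from a 2048-word list: {passphrase_bits():.1f} bits")
```

The point the commenter makes falls out of the numbers: four base words blow up to a few thousand candidates under even this toy rule set, which is still only about 13 bits of work, whereas nine genuinely random printable characters are about 59 bits and are never reached by word-based rules. The leet and suffix "extras" cost the attacker a constant factor, not an exponential one.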