Hacker News new | ask | show | jobs
by DanBC 5060 days ago
No.

Writing your password / passphrase down allows you to chose a good, strong password. You do not give anything that links that password to a particular service.

Most people will only need to refer to the written password for a week or so, and then they will remember it.

You put the piece of paper in the wallet because you want people to treat it like a 50 dollar bill. People leave bits of paper anywhere, but they don't leave 50 dollar bills everywhere.

Not writing down the password? Yeah, we see how well that works. (https://www.google.co.uk/search?q=most+popular+passwords)

It is baffling to me that authenticating to computers, software, and services is still so weirdly broken. Especially since there is now billions of dollars involved in it.
1 comments
ricardobeat 5059 days ago
You don't need to link it to any particular service. There is a 99% chance the person has a gmail/facebook/twitter/live account.
link
DanBC 5059 days ago
I know that you're not suggesting that people should reuse one password across multiple services. In your model:

1) I have to lose my wallet and

2) Not change my password and

3) You have to know my login email address and

4) You have to find which service the email and password work for

...and all of these have to happen in the time between setting a new strong password and learning that strong password. Because when you've learnt the pass you stop carrying it around.

If you lose your wallet there's a bunch of stuff you need to do. You need to cancel your cards, for example. Keeping a single password in there (for the short time it takes you to remember it) means that there is one more step added - you need to change that password.

You're also failing to do a sensible risk analysis. The threat model for passwords is "hackers, anywhere in the world". The venn diagram of that very big set has a teeny tiny intersection with the much smaller set of "people who have access to my wallet if I happen to lose it".

Writing down a good password means that you get to use a good password. You get to choose a properly strong password, with many characters of mixed case including numbers and specials; or a 6 word passphrase.

link