Write them down and KEEP THEM IN YOUR WALLET. I have some root passwords and my obscure "secure" account passwords written down in my wallet. (My main password and ssh passphrase are 100% memorized, so it is not an issue there)

Likewise, you want Bruce Shneier's passwords? You mug him!

The lesson is that the wallet is already kept reasonably secure: I know where it is at effetively all times, and the union of people who would want to steel my wallet is very different from those who would break into my account, and I'd know it if my wallet went missing anyway.

Likewise, all the funky pin based authentication tokens are doing the same thing, giving you a physical device, which you stick in either your wallet (cardkey-shaped) or keychain (keyfob-shaped), attaching the secret into something you really care about.

Now you really CAN bang on random keys, get a purely random password, and until repetition makes you remember it, you have ready access.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/245/26487#26487