Should We All Be Writing Down Our Passwords?

There is a roaring trade in paper password notebooks. A quick look on Amazon and you will find passwords journals, passwords keepers, Internet address and password log book and even and I Love My Password! book, amongst many others. Seemingly, these go against everything we are told by security professionals. Passwords are secrets and as every good spy knows, you don’t write them down unless the message will in self-destruct in five seconds!

But should we all be writing down our passwords?

In yet another article in the national media, in which the victim of cybercrime explains how they had fallen foul of using the same password for multiple accounts. Angela Sasse from University College London and Director of the UK Research Institute in Science of Cyber Security explain to The Telegraph that “the safest way” is to write them down on a pad of paper and “keep this locked away”.

In one respect, this makes perfect sense, when you consider the sheer number of online accounts we all have, and the advice that we keep getting rammed down our throats, that we need to keep passwords different, regularly changing and complex. For most, it simply isn’t possible to memorise this, and hence we use simple, the same, or variants of the same passwords to login. So, if we write them down we don’t have to remember them. Brilliant!

The problem is keeping this locked away. Where do I put my password journal? If it is at home I can’t use it when I am out and about. If I put it in my bag, then an opportunistic thief will have hit the jackpot, as they would have my laptop and all my passwords. They could have a field day stealing my identity and money at will. One solution that is often mooted is a digital password vault that does that same job as the pen and paper equivalent. However, these are often secured by a password and that means every password you have is protected by just one.

All consumers really want is a simple and secure way to login, whenever we want and wherever they are. Is that too much to ask?  We think it isn’t. I may sound like a broken record, but if every organisation large or small open their doors tomorrow morning and decide to replace passwords, with something more secure and convenient for all concerned they can.