On Tue, Dec 17, 2024 at 08:07:52AM +0100, Loris Bennett wrote:
> <to...@tuxteam.de> writes:
>
> > On Mon, Dec 16, 2024 at 10:22:43PM -0600, John Hasler wrote:
> >> songbird writes:
> >> > perhaps because the accounts are jointly owned and it is much easier
> >> > to just continue using the credentials as they exist instead of having
> >> > to set everything up all over again for no real gain.
> >>
> >> Then follow Bruce Schneier's advice and *write them down*.
> >
> > Do you have a reference?
> >
> > I ask because I'm in the middle of a discussion (and that was my advice,
> > too). Seeing what Schneier has to say on that would be very interesting.
>
> I have a German copy of "Secrets & Lies" from 2001 in which Schneier
> discusses writing passwords down on p. 138 (Chapter 9 "Identification
> and Authentication", Section "Access Tokens"). He says that passwords
> are no worse than other "simple tokens" (anything which can be stolen or
> copied) but if you write them down, keeping them in your wallet can be
> safer than sticking them with a post-it to your monitor. His actual
> advice is that you should only write half your password down and commit
> the other half to memory.

Thanks :)

Cheers
-- t