The most ill conceived computer-related stocking filler on Amazon? (opens in new tab)

(amazon.co.uk)

19 pointswilliam_uk13y ago20 comments

20 comments

I would argue that this may be one of the best possible computer-related stocking fillers. Used religiously this would vastly improve the security of most users, as explained by the other posters. As well, the conversation it starts may be even more helpful. Explaining why writing down passwords is actually a good idea will go a long way towards educating people about the actual risks of passwords. Maybe you can convince somebody to use a software password manager instead and they'll use your gift for grocery lists. Either way, mission accomplished.

__alexs13y ago

Writing down complex passwords is often better than using simpler ones you can remember. Especially if it reduces password reuse.

The probability of your home or work place getting burgled is probably lower than the chance of the N random websites you have passwords for getting hacked or burgled.

jgrahamc13y ago

Agreed. Schneier made this point long ago: http://www.schneier.com/blog/archives/2005/06/write_down_you...

I adapted it to carry my passwords in my wallet: http://blog.jgc.org/2010/12/write-your-passwords-down.html

macavity2313y ago

True, and furthermore, the probability of getting burgled by someone who gives a crap about your passwords is pretty much zero. There is very little overlap between the sets 'burglars' and 'identity thieves'.

objclxt13y ago

More to the point, once you take the label off it's just a black bound book. How many burglars are taking boxes of books out of houses? Unless you're the owner of a rare book collection, probably very few.

jaachan13y ago

A list of passwords written down is a whole lot more secure than a single really simple passwords used on each site. And if you keep the book as secure as your car keys, it's as secure as an average user is going to be.

It's more portable that software password managers, though the passwords are likely to be less secure. Then again, I keep ending up having to narrow down what characters I can and cannot use in a password after generating them, so you can't make as much use of that as you'd want. A lot of user will still just use '1234' everywhere, but for most users it might actually be pretty good.

On top of that, having a list of accounts makes it easier to cross reference them when you see a news report about a site's password database being leaked.

sturadnidge13y ago

I don't think that is ill conceived - I would be much more comfortable giving non-technical users something like this and telling them to:

a) keep it physically safe

b) use a relatively simple, memorable cipher (e.g substitution)

c) use a different password for each site

... rather than trying to get them to use LastPass or Password Safe or the like.

A kindle version of this would probably qualify for 'most ill conceived' however ;)

limpangel13y ago

The problem is that the cover is far from inconspicuous. :)

davidw13y ago

The product description says "Removable label and discreet cover design", though.

1 more reply

commanderkeen0813y ago

Alright. Let's take a personal inventory.

Chance of burglary: ???% Chance that one of the 1000 sites you signed up for gets hacked because they're bad at security: ???% + 1

I'd much rather buy this for my grandparents and have them use 1000 complex passwords than have them use one password for everything and have them be screwed when X Service gets hacked.

But let's be serious, this isn't going to get stolen.

chris_wot13y ago

If it gets stolen, you lose your identity. If you lose it, you can't get access to your life. Awesome

fwr13y ago

Not everyone's life is on the internet only.

chris_wot13y ago

Not sure what point you are making. This is or recording passwords and usernames. 95% of passwords will be for online services.

bryanlarsen13y ago

Every website has a way of resetting your password. You'd be fine.

chris_wot13y ago

Thus you negate the need for the book :-)

martinced13y ago

Then you buy two books and put one in a safe at a bank and, once in a while, you keep it in sync with the one you keep at home / on the road.

If a burglar steals it, you can run at the bank to take your 'backup list of passwords' and start changing your passwords.

If you lose it, same thing.

Then you re-create another book so that there's always one in a safe at the bank ; )

I've got a list of all my passwords, without any encryption, in a safe at the bank. They serve two purposes: in case I forget my passwords (I do write them down at home in some 'encrypted' form that is not meant to resist the NSA but that would stop 99.99999% of all the burglars on earth) or in case I die (my family would then be able to access my various online accounts).

chris_wot13y ago

So now you have two books that will be out of synch, which is worse than losing the book in the first place. And your book can still be stolen. Only this book will be totally up to date (which is fantastic for the thief) but the book in the safe probably won't be.

This is not inspiring in me further confidence in the methodology...

tangue13y ago

Ok it's more secure against bruteforce hackers at the other end of the world, but you'd better have nothing to hide to your wife, children and coworkers with this kind of tool.

bryanlarsen13y ago

That's actually an advantage, IMO. My wife knows the password to my password manager in case I get incapacitated. I should also put similar instructions in my will.

j / k navigate · click thread line to collapse

20 comments

bryanlarsen13y ago

__alexs13y ago

Writing down complex passwords is often better than using simpler ones you can remember. Especially if it reduces password reuse.

The probability of your home or work place getting burgled is probably lower than the chance of the N random websites you have passwords for getting hacked or burgled.

jgrahamc13y ago

Agreed. Schneier made this point long ago: http://www.schneier.com/blog/archives/2005/06/write_down_you...

I adapted it to carry my passwords in my wallet: http://blog.jgc.org/2010/12/write-your-passwords-down.html

macavity2313y ago

objclxt13y ago

jaachan13y ago

On top of that, having a list of accounts makes it easier to cross reference them when you see a news report about a site's password database being leaked.

sturadnidge13y ago

I don't think that is ill conceived - I would be much more comfortable giving non-technical users something like this and telling them to:

a) keep it physically safe

b) use a relatively simple, memorable cipher (e.g substitution)

c) use a different password for each site

... rather than trying to get them to use LastPass or Password Safe or the like.

A kindle version of this would probably qualify for 'most ill conceived' however ;)

limpangel13y ago

The problem is that the cover is far from inconspicuous. :)

davidw13y ago

The product description says "Removable label and discreet cover design", though.

1 more reply

commanderkeen0813y ago

Alright. Let's take a personal inventory.

Chance of burglary: ???% Chance that one of the 1000 sites you signed up for gets hacked because they're bad at security: ???% + 1

I'd much rather buy this for my grandparents and have them use 1000 complex passwords than have them use one password for everything and have them be screwed when X Service gets hacked.

But let's be serious, this isn't going to get stolen.

chris_wot13y ago

If it gets stolen, you lose your identity. If you lose it, you can't get access to your life. Awesome

fwr13y ago

Not everyone's life is on the internet only.

chris_wot13y ago

Not sure what point you are making. This is or recording passwords and usernames. 95% of passwords will be for online services.

bryanlarsen13y ago

Every website has a way of resetting your password. You'd be fine.

chris_wot13y ago

Thus you negate the need for the book :-)

martinced13y ago

Then you buy two books and put one in a safe at a bank and, once in a while, you keep it in sync with the one you keep at home / on the road.

If a burglar steals it, you can run at the bank to take your 'backup list of passwords' and start changing your passwords.

If you lose it, same thing.

Then you re-create another book so that there's always one in a safe at the bank ; )

chris_wot13y ago

This is not inspiring in me further confidence in the methodology...

tangue13y ago

Ok it's more secure against bruteforce hackers at the other end of the world, but you'd better have nothing to hide to your wife, children and coworkers with this kind of tool.

bryanlarsen13y ago

That's actually an advantage, IMO. My wife knows the password to my password manager in case I get incapacitated. I should also put similar instructions in my will.

j / k navigate · click thread line to collapse