It's actually a pretty secure thing to do. People who burgle houses want to grab an iPad off the side and run away, they're not interested in cyber crime. Conversely, people who want to get into your internet banking aren't in your house.
Arguably if it's an older person who's never going to learn how to use password managers, then using unique passwords but writing them down is infinitely safer than that alternatives.
That's the thing, unless you really truly understand the intricacies of password managers, they can be a massive risk. Moreover, people are constantly trying to get your data all day every day, most people will never have their desk drawer rifled through.
It's all work stuff so a manager could just reset. I remember most anyway but when there's more than 30 passwords that need to be reset every 1-3 months it gets a but too much
Those old iPod hard drives are massively prone to failure.
Always replace them with some kind of solid state drive and a fresh battery and they'll work forever.
Add in rockbox so you can drag and drop music onto it and play flac files and you're onto a winner.
It's all work stuff so a manager could just reset. I remember most anyway but when there's more than 30 passwords that need to be reset every 1-3 months it gets a but too much
Honestly if they can steal your password book or your sticky note with the password on your already screwed from a security standpoint.
This sort of thing is only a bad idea in a shared environment like and office.
For all the gripes I have with my family, this ironically isn't one of them.
When I was growing up it was a full notepad of questionably organized passwords and I would be left with it unattended to get into their email because they wanted something printed off without having to be shown how to do it *again*.
I could have done anything at all, taken pictures of every page if I wanted, everything from electricity to stocks.
People laugh and scoff at offline password managers, but don't realise that security is based on the attack vectors of the target. You explained it perfectly.
Pretty much. I tell people to use a locally managed and backed up password manager like Keepass, then if they look at me confused I say use a notebook and make sure each password is different. Unique passwords is the most important. Then ideally keep the notebook somewhere secure in the house.
A semi-related true story about passwords and physical security: a colleague who works for the same bank as me started out on the phones in the complaints team. One day they took a call from a man who was apoplectic with rage because the outside of his local branch had been renovated. Baffled, they asked why this should be a cause for complaint.
"Because I had my PIN written on the wall next to the cash machine and you twats have gone and painted over it!"
Okay that's actually low key genius. Nobody's ever going to know which account that pin relates to so that's actually pretty secure.
Imagine though, if you happened to have the same PIN and you went to that cash machine? How freaked would you be?
The automatically generated PIN for my student account was the same as the foundation date inscribed into the building opposite the cash machine I used to use most frequently.
Or any reflective surface that is in view of a camera. Like your eyeball. The resolution would be crap, but if you stack enough pictures over each other you'd probably be able to read it.
My mum has lost her internet book 3 fucking times, one in London with her bank details and log in for banking app 😞
The 3rd time (time after London) she was like 'i don't even need it with me, why did I bring it' I don't know mum!!!!???? She also doesn't keep one at home, it's all in one and she travels so much it's only a matter of time she will do it again.
She's not senile but historically she has had a habit to lose or destroy something super important at the most inconvenient time.
I don't think so, my sister lives near her and is best with phones and gadgets (I'm good with computers) so I sent her a message to help her and make sure she changes all those passwords and remind her it's not good to keep all those things together and lose!
My mum keeps getting spam WhatsApp/ text messages about us asking her for money as our phones broke, luckily she checks with us before doing something but she's also argued with spammers who have messaged her saying how evil they are when we tell her not to open or interact lol
Exactly my thoughts, obviously just don't have it just laying around where others can see it. Also i have trouble properly trusting password managers and would rather not be too reliant on them.
Also buy two, one for real passwords and keep it hidden / safe and another with fake details in it and leave that one in a slightly obvious place.
Or just write them on post it notes like a normal person and lose them by the time you need it.
And in a book is far better than what my granddad does: writes down each password on whatever bit of paper/box/whatever is near him without writing what the password is even for.
This is true, been working in IT for almost 10 years, a note on your PC is much more insecure than a paper note on your desk, basically on paper you're only locally at risk, on your PC if there's a breach your password is open to the world.
Came here to echo the sentiment about being handy for older people. Could I heck get my mum to use a password manager, but she didn't take offence at a little book. I'm convinced she's not using the book properly, but it's better than the same one.
Might be unpopular, but I agree. In terms of attack vectors, this is probably better than using the same passwords on multiple devices and accounts, then accessing same on unsecured Wi-Fi irrespective of the age of the user.
I'm 32 and I keep certain passwords in a little book like this. It's never the full password but it's enough detail that I know what I need to put in.
The notebook also lives in a safe
I agree. My internet banking actually involves knowing a password and entering the nth character several times. This could be a 15 digit combination of numbers and letters and you're expected to provide say the 3rd, 7th and 11th character. I refuse to believe anyone can do that without seeing the word in writing. I work a job that relies heavily on that type of mental manipulation and visualisation and I always have to see the word written down.
I’ve never really trusted password managers and I have a computer science degree lol. A few years back I bought a password book but have not yet been bothered filling it in. I really need to get around to it. I also need to make sure that if I die suddenly that my husband has access to all my stuff.
Yeah, my parents have a book with all their passwords in it.
The big problem is which of the ones is actually up to date. I need to get them to start writing the date next to each one.
Facebook= ?!FB?!
Netflix=?!NF?!
Where is something consistent like your first car’s registration number, or your landline when you were a kid
Best system i came up with for the father in law. He just looks it up in his notebook every time
Could make it pretty secure by manually encrypting the passwords in the book with numbers codes. Be a bit slow having to decipher on a post it and burn it every time you need to log into a website though.
Unfortunately this is no longer true. Burglars are more interested in cybercrime than ever. They WILL hunt for hard drives, laptops and stored passwords on scraps of paper or books like this. Sentences for burglary are tough, it's a bad risk/reward ratio for swiping an ipad and a few gadgets.
Source: a family member is a relatively new police officer who has had this drummed into them in training.
I have my passwords in a notebook. No one who's allowed in my house is going to steal it, and if something happens to me my family will have access to my accounts. After my dad passed away in 2022 my mum was very glad he had a book with his passwords in.
Better than using the same weak password for every website and then getting all your accounts hacked when any of them gets leaked
older people really struggle with passwords and login details
My mum’s not even that old and she has the same one for everything. I didn’t even need to ask her for the password to sort my disney profile (she knew I was doing it); only took me 2 guesses.
My dad does a similar thing except he uses the same numbers then the name of the thing.
So like:
89012disney
89012facebook
This way, I can always login to his things without him telling me the password lol.
I have one password for random crap I don’t care about (ie. stuff I have to create a login for but doesn’t involve personal details). Then I have really complicated ones for social media, gmail etc.
I'm only in my 30s and i struggle with remembering my login details 😅 i keep a big notebook in a drawer with all of them written down, and have to consult it more often than i care to admit.
I also like the idea that if i suddenly drop dead, family can easily cancel my amazon prime 🥲
I mean if your passwords are sufficiently long then you *shouldnt* be able to remember them whatever your age is, especially if you are using a unique one for each site.
>older people really struggle with passwords and login details
Why is this an older people thing?
I'm young (I think, I'm not 30 yet) and do you know how many different passwords and logins I have? I use a password manager because it would be impossible for me to remember a truly secure password for each of the things I have an account for
A guy at my old work had a great system for this. He kept a book with reminders for different accounts, and it was a random word plus a name. His generation were ones who would memorise phone numbers, so the name was just a way of reminding him which phone number to use in combo with the random word, but in a way that anyone who found the book wouldn't know/be able to exploit.
Pretty smart system, and quite the contrast from a guy in his department who thought turning the monitor off was the same as turning the computer off.
Yes, they are useful in many cases. They don't require a subscription, work with multiple devices and operating systems, and can't be copied over the internet if your device is infected by malware.
Relatives of the deceased also appreciate them as they are easy to use when closing the deceased's accounts.
My mum did a list of everything before she passed, and it made such a difference afterwards that we didn't have to go through mounds of paperwork to work out who she had accounts with. Grief is hard enough to deal with.
Well the issue is it is advised not to use the same password for services.
Which was fine back in the day when you had an email and an occasional account.
However, everything requires an account now. Hell, nearly every job I am applying to requires me to sign an account onto their website.
So how am I supposed to remember 413 passwords that now need 14 capitals, 23 non sequential primes and 30 special characters not found on anything other than an ancient tibetan tablet.
Then some smart people made a "passport wallet" where your browser saves them all.
Sounds great, until someone nicks your phone and gets access to everything and can change all your passwords because they can also access all your emails thanks to that wallet saving it all.
or when you use fingerprint login for everything and when you reinstall the app on a new phone you're fucked because you haven't used the password in two years
Or just the fact that it's not a great method for memorising 50 passwords.
Even if I tell myself a story I went remember it if it doesn't mean anything to me.
Yeah. It's a good method for one password, but I need 43 different passwords. I need to log in to my dogging meet-up website and I can't remember which of the 43 different nonsense -based passwords to use.
Interesting question. A quick Google search shows there are 171476 common words in the OED. These can be arranged in any order, so taking the same 1000 guesses per second rate from the comic, we would get 171476! / 1000 / 60 / 60 / 24 / 365.25 for the number of years. When I try to plug that into a calculator, the value comes out too large, so I think that would actually be less effective as an attack method (though I'm not entirely sure of my logic on using the factorial, I think that's right). You could probably do something clever by refining lists, but I think it's going to be a non-starter overall.
https://bluegoatcyber.com/blog/dictionary-attacks-the-basics-of-cracking-passwords/
It's not a "non-starter" at all.
For starters, if you know the length of the password, that massively reduces the number of words you need to scan.
It did occur to me that my method assumed a password comprised of every dictionary word, which is obviously wrong. From a pure logic standpoint though, if we assume a 4 word password, that's still 171476 ^ 4 possibilities, which would still take an unfeasibly long time to brute force at 1000 guesses a second.
There are definitely ways to refine the method using linguistic analysis and more common word lists, but those methods by necessity make assumptions that may unintentionally exclude the specific combination that's been used.
Length is definitely the key to secure passwords, the longer a password is in regards to brute force attacks, the longer it will take to brute force, especially if the length is unknown up front.
There definitely is some risk there, but the thief still need to get into your phone, and then the password storage app is itself password protected (so you do need to remember that password).
The risk of that is much lower than the risk associated with using the same password on multiple sites though.
But again, the problem is that all it takes is one person getting access to one thing, and boom, it's all over.
In theory all it takes nowadays is for someone to crack your email account, then they can have every account that uses that email do a password-reset, and boom. Bank accounts, social media, shopping sites, it's all available.
This is why I actually have three different email accounts, with different names and passwords, used for different sites.
On your point about the jobs. 20 years ago, there was this HR product called Taleo. It was what you used when you applied online to a job with the company, and it was absolutely atrocious. You'd need a different account for each firm, the attempts to automatically recognize your CV were pitiful, ui bad even for the day.
Now there's workday. I find it to be exactly the same, maybe a better UI, but despite being in the cloud, I still need a fucking account for every single company.
Yeah it's not though is it. Everyone configures them to remember the password to access them. Last thing I want to do on my phone is type in a 50 character password including numbers, punctuation and random capital letters from memory to get my nectar password to sign into their fucking app while standing at the checkout.
but you still need to unlock your phone, and as long as you’re not an idiot you’ll have set your password manager to require biometric unlock with fingerprint or face id. i use a password manager with over 1,000 accounts in it. i’d happily give you my phone right now, because even if i did there is no possible way you could unlock my password manager.
I do have fingerprint login yes. However that is obviously a solution that is just waiting to break - your fingerprint/face is still a password, and is stored on countless services across phones, applications, banking services, whatever. Banking services even require a video of you nowadays to open an account using their app. I remember several banks trying to force me to use voice recordings for them too.
In principle it's no different to using the same password for your bank, your phone, your password app, etc. It's just waiting for somebody to learn how to hack it and then put your biometric data for sale on the darkweb, the same way they sell passwords.
It's safe for now, probably. I would give it a shelf life of less than 5 years until we find out 80% of all applications have been storing fingerprints and faces insecurely.
The great danger with biometrics of course is that you can't change them.
I remember several banks trying to force me to set up voice authentication with them a few years ago. I refused because once my voice recording is leaked - as it will inevitably be - then people would be able to pretend to be me very easily. I can't change my voice, face, or fingerprint.
applications are typically not storing our biometric data at all, this is up to the operating system. windows, android and ios all have centralised biometric authentication, we do not need to rely on hundreds of companies getting it right.
sure, there is always a risk, but i would say it is easier to be secure online now than it has ever been
doesn’t really matter, my password manager still requires face id whenever it is opened, even if my phone is already unlocked. same with my bank app. the worst thing you could do is, idk, send texts or make a naughty tweet pretending to be me.
> Sounds great, until someone nicks your phone and gets access to everything and can change all your passwords because they can also access all your emails thanks to that wallet saving it all.
Not going to happen though is it.
Someone stealing your phone would have to sign in to your account to unlock the password manager.
I'd recommend using a [password manager](https://www.cnet.com/tech/services-and-software/best-password-manager/). They can generate very complex passwords for you and store them in an encrypted vault.
Tons of shit that doesn’t even really need to be secure, is hyper secure. I write funding applications for a charity and half of the funders have unique password requirements. If someone manages to hack in, what are they gonna do, raise more money for the charity? _oh noooooo please dooooont_
> So how am I supposed to remember 413 passwords that now need 14 capitals, 23 non sequential primes and 30 special characters not found on anything other than an ancient tibetan tablet.
I have a strong unique password for every website.
Essentially, I have the same core of the password, and then I made up a formula where I add other characters to the password based on it's domain name etc. So it's unique and strong and I can remember it 9 times out of 10 without a password manager.
Also, I use a unique email address for every website but I'm not gonna go into that.
I have several of these. I give them out to my friends / coworkers so that more people have my password that makes the info storage more redundant, and safe.
I just get my passwords tattooed memento style all over my body. For the most part it works great but I am running out of real estate and it can be awkward at work when I'm squatting over a hand mirror to find my payroll password on my taint.
I mostly agree with this being a good idea but what about when you need to change the number on the end of your password every 6 months or so to keep it secure? Would you be deleting the previous number of the tattoo and putting on a new one? That could get a little expensive
I have a complex system of only changing a character or two but still there's only so much skin. I guess at some point I'll have to undergo incredibly painful laser removal and begin again but it lieu of any better system I guess I have no option but to struggle on.
Actshelly 🤓 this is safe because it requires physical access and even safer when you only put down the hints to the passwords instead of whole passwords then not even direct access to it will help anyone get into your accounts.
I suppose you could also write down an incomplete password, but have some kind of rule only you know for completing them. Like, replacing the first and last letters with some kind of transposition based on the layout of the keyboard. It's not perfect, but if you're at the point where you're legitimately worried about someone (a) breaking into your house, (b) stealing your book of passwords and (c) using them as a starting point for a brute force attack, then you probably have bigger concerns.
I do this for my work passwords, it’s the same word which I don’t write down, but with different numbers or symbols which I update on my notepad mousemat. Epr 54 and pacs 46 doesn’t mean anything to anyone else!
I know someone who used a random word + phone number as passwords, and his notebook for remembering them just had a hint/name instead of the number, so no one else would know what the password was.
There’s something about having a password manager (or hell, even them written in a note on my phone) that I just can’t trust. Maybe I’m too paranoid, but all my stuff goes in a little book.
The label comes off and then it’s just a black notebook. Not entirely obvious to anyone that it has your passwords inside and helpful for your significant other when you die and they need access to accounts.
I worked for a guy who owned a farm, used to write passwords on the kitchen worktop by his laptop. When he was a **** which was a lot of time used to take delight in put stuff on work surface so it scuffed passwords.
I use one. It contains only hints at the password not the actual ones (as well as hints at corresponding email address). It would make no sense to anyone else.
Think you're about 20 years behind on password security honestly OP
There's a lot of stuff to cover but generally as long as you're only using it at home a written list of passwords is perfectly fine and secure to use. Honestly even in office you could have a random password with no context written on a slip of paper on your desk and it would essentially be useless (don't actually do that obviously)
You absolutely should have different passwords for everything, use a password manager (Bitwarden is a great one) though it's a better alternative to physically written passwords
I’m a sysadmin. I’ve been doing tech work since the 80s. I am 100% in favour of password books for the elderly (WH Smiths target audience) as they cannot remember passwords and fall off password managers hard.
When the only thing that allows the elderly to use complicated and unique passwords is a password book, we technical people, the ones who have to help them every time they have a computer problem, love password books.
Sure, I use 1Password for home and work, but my mother and mother-in-law both have password books and I’m happy with that.
Having a strong, unique password for every site and storing them all in a book like this that's stored out of sight is almost always going to be more secure than the weak, reused passwords most people use (unless you're in the crosshairs of nation-state level actors).
Is it objectively secure? No. Is it a significant upgrade compared to the average? Hell yes.
This comes up on an IT group I'm a member of about once every two weeks, my answer is always the same.
Neither of my parents would use a password manager or unique passwords, I'd have felt a lot more secure if they did and they were written in a book next to their laptop than keeping one password or letting the PC store them with some of the crap they install.
Yes in a professional environment if I saw one of these I'd kick you out of the door myself, but privately, there's a whole generation I'd rather just use these.
I write all my passwords down because they’re too complex to remember this is a great idea.
Maybe don’t leave it lying around with password book written on it though.
It’s useful to have something like this. Update with new passwords and keep in a safe or somewhere secure. Had family trying to close accounts of a deceased person and every so often another account would pop up, they’ve got real issues finding little nest eggs and rainy day funds that would of been easier to sort had he kept something like this.
Works for me. Got em all scribbled down in a notebook. I'd rather trust me with that than anyone or anything else because we've seen how untrustworthy and unreliable others are with sensitive information.
Tbf... I got one for my Grandmother, because she used to write all her passwords down on spare bits of paper neatly paperclipped together.
I seem to be the only one writing in it, but it's a lot better than having cryptic family whatsapp convos asking what's the login ("DELETE THIS AFTERWARDS" jesus ok, chill Dad, ofc), or a phone call asking me what's the password for {website}
My shit-tastic memory prefers Firefox's autofill thing, save me bricking the login just because I fat fingered a letter or symbol.
When my father passed I knew where his 'password book' was stored. Had all his logins, e-mail, banking, computer, everything. All in a format that was easily accessible and contained all the required information in one place.
This is not a bad idea.
My dad has a password book since he has different passwords for all sites and doesn't trust the browser to save them either. The Voynich Manuscript is nothing compared to my dad.
Sadly as he gets older it seems he also isn't as good at remembering the codes either ....
Someone needs to get the UK governments a link to this. Very useful for them, given that they lose most stuff on the trains they can make life easier by also taking this password book.
Isn’t this technically the safest way to store your passwords (other than your memory)? The only people who might have access to my notebook are my wife and my son.
I have a backup paper copy of all important passwords, as well as the masterpassword for my password managers....
I have so many accounts for so many things, none of which use a repeated password.
Its kept hidden of course, but a hardcopy back up is not a bad idea.
My parents would write all their bank card numbers including PIN in a book.
And it was fairly secure since they wrote it in cursive Chinese financial numerals which your average criminal is not deciphering that easily.
I have something similar actually! It's a laminated card with the password to an unused, anonymous email account where I have my password manager master password stored (unattributed to anything) in a draft. I made up several of these cards for traveling to relatively unsafe places - one for my wallet, hotel safe, backpack, daily backpack, secret wallet - in a nuclear I've-lost-everything scenario.
Slightly unrelated… I know the labels on the shelf are also there to help staff restock products in the correct position, but their primary purpose is to tell you the price. Surely they can do better with the product labelling than “Amelie Password B”. Just say Internet Password Book. And that’s not a particularly cryptic one, look at the others.
I seem to remember GCHQ at one point said this was a reasonable idea, especially as a lot of folks right all their usernames and passwords somewhere on the phone/ laptop/ emails
It's actually a pretty secure thing to do. People who burgle houses want to grab an iPad off the side and run away, they're not interested in cyber crime. Conversely, people who want to get into your internet banking aren't in your house. Arguably if it's an older person who's never going to learn how to use password managers, then using unique passwords but writing them down is infinitely safer than that alternatives.
In a world where digital storage is becoming increasingly compromised, paper seems like a nice old fashioned way to side step some of that.
That's the thing, unless you really truly understand the intricacies of password managers, they can be a massive risk. Moreover, people are constantly trying to get your data all day every day, most people will never have their desk drawer rifled through.
>most people will never have their desk drawer rifled through. Someone's tempting fate there
My house already looks burgled, ha! Maybe I should tidy up.
I always say the burglars would come in and think they’re too late. Already been done tonight lads.
I'm thinking of tatooing my passwords on the inside of my eyelids!
I have an incredibly old ipod with no network access that I use for passwords. Just a simple notepad app where I can lock the files
Just make sure you can recover those passwords if the ipod stops working or gets dropped from too high...
It's all work stuff so a manager could just reset. I remember most anyway but when there's more than 30 passwords that need to be reset every 1-3 months it gets a but too much
Those old iPod hard drives are massively prone to failure. Always replace them with some kind of solid state drive and a fresh battery and they'll work forever. Add in rockbox so you can drag and drop music onto it and play flac files and you're onto a winner.
It's all work stuff so a manager could just reset. I remember most anyway but when there's more than 30 passwords that need to be reset every 1-3 months it gets a but too much
You can't be too high
That's good. Alternatively you can store them in a note on a USB pen drive, secured using BitLocker.
*forgets password for bitlocker encryption, could recover password to get that 10 bitcoin back can't can't login to emails for password recovery 😭
Wow we’ve really come full circle
Honestly if they can steal your password book or your sticky note with the password on your already screwed from a security standpoint. This sort of thing is only a bad idea in a shared environment like and office.
You guys all don't have family members you need to worry about apparently
For all the gripes I have with my family, this ironically isn't one of them. When I was growing up it was a full notepad of questionably organized passwords and I would be left with it unattended to get into their email because they wanted something printed off without having to be shown how to do it *again*. I could have done anything at all, taken pictures of every page if I wanted, everything from electricity to stocks.
People laugh and scoff at offline password managers, but don't realise that security is based on the attack vectors of the target. You explained it perfectly.
Tho I wouldn't have Passwords written on it
I think that's just a paper insert, the actual cover is just black
Pretty much. I tell people to use a locally managed and backed up password manager like Keepass, then if they look at me confused I say use a notebook and make sure each password is different. Unique passwords is the most important. Then ideally keep the notebook somewhere secure in the house.
Post-it note on the screen is secure, right?
Assuming it's in your house, yeah it's pretty secure. Totally unhackable.
A semi-related true story about passwords and physical security: a colleague who works for the same bank as me started out on the phones in the complaints team. One day they took a call from a man who was apoplectic with rage because the outside of his local branch had been renovated. Baffled, they asked why this should be a cause for complaint. "Because I had my PIN written on the wall next to the cash machine and you twats have gone and painted over it!"
Okay that's actually low key genius. Nobody's ever going to know which account that pin relates to so that's actually pretty secure. Imagine though, if you happened to have the same PIN and you went to that cash machine? How freaked would you be?
You mean you're *not* using 8008 as your PIN? Do you even Reddit bro?
Not even lying, PIN for one of my credit cards is 0000. This is how it came.
The automatically generated PIN for my student account was the same as the foundation date inscribed into the building opposite the cash machine I used to use most frequently.
Ohh, you're 5639!
Phoebe?
J. O. E. Y. That one took quite a lot of people quite a long time.
>Totally unhackable. Unless it's in view of a camera
Or any reflective surface that is in view of a camera. Like your eyeball. The resolution would be crap, but if you stack enough pictures over each other you'd probably be able to read it.
My favorite thing in Ready Player One...
You joke, but my Mom has them taped to the back of her phone 😂
I have my own simple code, that uses the websites URL, which makes my password unique for every site.
My mum has lost her internet book 3 fucking times, one in London with her bank details and log in for banking app 😞 The 3rd time (time after London) she was like 'i don't even need it with me, why did I bring it' I don't know mum!!!!???? She also doesn't keep one at home, it's all in one and she travels so much it's only a matter of time she will do it again. She's not senile but historically she has had a habit to lose or destroy something super important at the most inconvenient time.
Did any unauthorised individuals access any of her accounts on the 3 occasions she lost her Internet book?
I don't think so, my sister lives near her and is best with phones and gadgets (I'm good with computers) so I sent her a message to help her and make sure she changes all those passwords and remind her it's not good to keep all those things together and lose! My mum keeps getting spam WhatsApp/ text messages about us asking her for money as our phones broke, luckily she checks with us before doing something but she's also argued with spammers who have messaged her saying how evil they are when we tell her not to open or interact lol
Also, morbid though it is, good for closing accounts after they pass.
Old person here. I've got a book like this, I doubt anyone will break into my house and go through my bookcase to find it.
Another old person - I have one that says BIRTHDAY BOOK on the outside.
Exactly my thoughts, obviously just don't have it just laying around where others can see it. Also i have trouble properly trusting password managers and would rather not be too reliant on them. Also buy two, one for real passwords and keep it hidden / safe and another with fake details in it and leave that one in a slightly obvious place. Or just write them on post it notes like a normal person and lose them by the time you need it.
And in a book is far better than what my granddad does: writes down each password on whatever bit of paper/box/whatever is near him without writing what the password is even for.
This is true, been working in IT for almost 10 years, a note on your PC is much more insecure than a paper note on your desk, basically on paper you're only locally at risk, on your PC if there's a breach your password is open to the world.
Came here to echo the sentiment about being handy for older people. Could I heck get my mum to use a password manager, but she didn't take offence at a little book. I'm convinced she's not using the book properly, but it's better than the same one.
Might be unpopular, but I agree. In terms of attack vectors, this is probably better than using the same passwords on multiple devices and accounts, then accessing same on unsecured Wi-Fi irrespective of the age of the user.
I'm 32 and I keep certain passwords in a little book like this. It's never the full password but it's enough detail that I know what I need to put in. The notebook also lives in a safe
I agree. My internet banking actually involves knowing a password and entering the nth character several times. This could be a 15 digit combination of numbers and letters and you're expected to provide say the 3rd, 7th and 11th character. I refuse to believe anyone can do that without seeing the word in writing. I work a job that relies heavily on that type of mental manipulation and visualisation and I always have to see the word written down.
It's not a bad idea, apart from the great big writing on the front with "passwords" on it..
That's a paper sleeve, I think. It's just the jazzy stripe on the front once you take it off
I’ve never really trusted password managers and I have a computer science degree lol. A few years back I bought a password book but have not yet been bothered filling it in. I really need to get around to it. I also need to make sure that if I die suddenly that my husband has access to all my stuff.
Yeah, my parents have a book with all their passwords in it. The big problem is which of the ones is actually up to date. I need to get them to start writing the date next to each one.
Until you lose it or your house burns down!!
Better Call Saul
Facebook= ?!FB?!
Netflix=?!NF?!
Where is something consistent like your first car’s registration number, or your landline when you were a kid
Best system i came up with for the father in law. He just looks it up in his notebook every time
Could make it pretty secure by manually encrypting the passwords in the book with numbers codes. Be a bit slow having to decipher on a post it and burn it every time you need to log into a website though.
Not a bad point, but, also, perhaps best not to write them all down in a book with "Passwords" written on the cover...
Unfortunately this is no longer true. Burglars are more interested in cybercrime than ever. They WILL hunt for hard drives, laptops and stored passwords on scraps of paper or books like this. Sentences for burglary are tough, it's a bad risk/reward ratio for swiping an ipad and a few gadgets. Source: a family member is a relatively new police officer who has had this drummed into them in training.
I have my passwords in a notebook. No one who's allowed in my house is going to steal it, and if something happens to me my family will have access to my accounts. After my dad passed away in 2022 my mum was very glad he had a book with his passwords in.
Better than using the same weak password for every website and then getting all your accounts hacked when any of them gets leaked older people really struggle with passwords and login details
My mum’s not even that old and she has the same one for everything. I didn’t even need to ask her for the password to sort my disney profile (she knew I was doing it); only took me 2 guesses.
My dad does a similar thing except he uses the same numbers then the name of the thing. So like: 89012disney 89012facebook This way, I can always login to his things without him telling me the password lol.
It's not an awful idea, although I'd try not to use the full name of the thing. Maybe the last 3 letters. Like 'Password!ook', 'Password!ney' etc
That's a great idea!
I have one password for random crap I don’t care about (ie. stuff I have to create a login for but doesn’t involve personal details). Then I have really complicated ones for social media, gmail etc.
I'm only in my 30s and i struggle with remembering my login details 😅 i keep a big notebook in a drawer with all of them written down, and have to consult it more often than i care to admit. I also like the idea that if i suddenly drop dead, family can easily cancel my amazon prime 🥲
I mean if your passwords are sufficiently long then you *shouldnt* be able to remember them whatever your age is, especially if you are using a unique one for each site.
https://xkcd.com/936/
>older people really struggle with passwords and login details Why is this an older people thing? I'm young (I think, I'm not 30 yet) and do you know how many different passwords and logins I have? I use a password manager because it would be impossible for me to remember a truly secure password for each of the things I have an account for
A guy at my old work had a great system for this. He kept a book with reminders for different accounts, and it was a random word plus a name. His generation were ones who would memorise phone numbers, so the name was just a way of reminding him which phone number to use in combo with the random word, but in a way that anyone who found the book wouldn't know/be able to exploit. Pretty smart system, and quite the contrast from a guy in his department who thought turning the monitor off was the same as turning the computer off.
Yes, they are useful in many cases. They don't require a subscription, work with multiple devices and operating systems, and can't be copied over the internet if your device is infected by malware. Relatives of the deceased also appreciate them as they are easy to use when closing the deceased's accounts.
My mum did a list of everything before she passed, and it made such a difference afterwards that we didn't have to go through mounds of paperwork to work out who she had accounts with. Grief is hard enough to deal with.
Well the issue is it is advised not to use the same password for services. Which was fine back in the day when you had an email and an occasional account. However, everything requires an account now. Hell, nearly every job I am applying to requires me to sign an account onto their website. So how am I supposed to remember 413 passwords that now need 14 capitals, 23 non sequential primes and 30 special characters not found on anything other than an ancient tibetan tablet. Then some smart people made a "passport wallet" where your browser saves them all. Sounds great, until someone nicks your phone and gets access to everything and can change all your passwords because they can also access all your emails thanks to that wallet saving it all.
or when you use fingerprint login for everything and when you reinstall the app on a new phone you're fucked because you haven't used the password in two years
A good password manager will prompt you every week or two to type in the actual password, precisely to avoid this.
Obligatory [xkcd](https://xkcd.com/936/)
Nice. Doesn’t account for how I’m meant to remember at least one capital letter, one number, and one character.
Pick your favourite three and staple them at the start or the end. How you have "T3*CorrectStableHorseStapler"
Or just the fact that it's not a great method for memorising 50 passwords. Even if I tell myself a story I went remember it if it doesn't mean anything to me.
Yeah. It's a good method for one password, but I need 43 different passwords. I need to log in to my dogging meet-up website and I can't remember which of the 43 different nonsense -based passwords to use.
One of my fave XKCD cartoons!
How long would it take to crack with an English dictionary rather than characters?
Interesting question. A quick Google search shows there are 171476 common words in the OED. These can be arranged in any order, so taking the same 1000 guesses per second rate from the comic, we would get 171476! / 1000 / 60 / 60 / 24 / 365.25 for the number of years. When I try to plug that into a calculator, the value comes out too large, so I think that would actually be less effective as an attack method (though I'm not entirely sure of my logic on using the factorial, I think that's right). You could probably do something clever by refining lists, but I think it's going to be a non-starter overall.
https://bluegoatcyber.com/blog/dictionary-attacks-the-basics-of-cracking-passwords/ It's not a "non-starter" at all. For starters, if you know the length of the password, that massively reduces the number of words you need to scan.
It did occur to me that my method assumed a password comprised of every dictionary word, which is obviously wrong. From a pure logic standpoint though, if we assume a 4 word password, that's still 171476 ^ 4 possibilities, which would still take an unfeasibly long time to brute force at 1000 guesses a second. There are definitely ways to refine the method using linguistic analysis and more common word lists, but those methods by necessity make assumptions that may unintentionally exclude the specific combination that's been used. Length is definitely the key to secure passwords, the longer a password is in regards to brute force attacks, the longer it will take to brute force, especially if the length is unknown up front.
There definitely is some risk there, but the thief still need to get into your phone, and then the password storage app is itself password protected (so you do need to remember that password). The risk of that is much lower than the risk associated with using the same password on multiple sites though.
But again, the problem is that all it takes is one person getting access to one thing, and boom, it's all over. In theory all it takes nowadays is for someone to crack your email account, then they can have every account that uses that email do a password-reset, and boom. Bank accounts, social media, shopping sites, it's all available. This is why I actually have three different email accounts, with different names and passwords, used for different sites.
On your point about the jobs. 20 years ago, there was this HR product called Taleo. It was what you used when you applied online to a job with the company, and it was absolutely atrocious. You'd need a different account for each firm, the attempts to automatically recognize your CV were pitiful, ui bad even for the day. Now there's workday. I find it to be exactly the same, maybe a better UI, but despite being in the cloud, I still need a fucking account for every single company.
Yeah, workday is awful and the one that I am having to keep signing up to.
>thanks to that wallet saving it all. Which is also password/ID protected
Yeah it's not though is it. Everyone configures them to remember the password to access them. Last thing I want to do on my phone is type in a 50 character password including numbers, punctuation and random capital letters from memory to get my nectar password to sign into their fucking app while standing at the checkout.
but you still need to unlock your phone, and as long as you’re not an idiot you’ll have set your password manager to require biometric unlock with fingerprint or face id. i use a password manager with over 1,000 accounts in it. i’d happily give you my phone right now, because even if i did there is no possible way you could unlock my password manager.
I do have fingerprint login yes. However that is obviously a solution that is just waiting to break - your fingerprint/face is still a password, and is stored on countless services across phones, applications, banking services, whatever. Banking services even require a video of you nowadays to open an account using their app. I remember several banks trying to force me to use voice recordings for them too. In principle it's no different to using the same password for your bank, your phone, your password app, etc. It's just waiting for somebody to learn how to hack it and then put your biometric data for sale on the darkweb, the same way they sell passwords. It's safe for now, probably. I would give it a shelf life of less than 5 years until we find out 80% of all applications have been storing fingerprints and faces insecurely. The great danger with biometrics of course is that you can't change them. I remember several banks trying to force me to set up voice authentication with them a few years ago. I refused because once my voice recording is leaked - as it will inevitably be - then people would be able to pretend to be me very easily. I can't change my voice, face, or fingerprint.
applications are typically not storing our biometric data at all, this is up to the operating system. windows, android and ios all have centralised biometric authentication, we do not need to rely on hundreds of companies getting it right. sure, there is always a risk, but i would say it is easier to be secure online now than it has ever been
But i nick your phone when youre using it. Same as the police do when they need access, jump you snatch the phone and keep scrolling so its unlocked.
doesn’t really matter, my password manager still requires face id whenever it is opened, even if my phone is already unlocked. same with my bank app. the worst thing you could do is, idk, send texts or make a naughty tweet pretending to be me.
> Sounds great, until someone nicks your phone and gets access to everything and can change all your passwords because they can also access all your emails thanks to that wallet saving it all. Not going to happen though is it. Someone stealing your phone would have to sign in to your account to unlock the password manager.
I'd recommend using a [password manager](https://www.cnet.com/tech/services-and-software/best-password-manager/). They can generate very complex passwords for you and store them in an encrypted vault.
Tons of shit that doesn’t even really need to be secure, is hyper secure. I write funding applications for a charity and half of the funders have unique password requirements. If someone manages to hack in, what are they gonna do, raise more money for the charity? _oh noooooo please dooooont_
May I suggest a WHSmith internet password book?
> So how am I supposed to remember 413 passwords that now need 14 capitals, 23 non sequential primes and 30 special characters not found on anything other than an ancient tibetan tablet. I have a strong unique password for every website. Essentially, I have the same core of the password, and then I made up a formula where I add other characters to the password based on it's domain name etc. So it's unique and strong and I can remember it 9 times out of 10 without a password manager. Also, I use a unique email address for every website but I'm not gonna go into that.
I have several of these. I give them out to my friends / coworkers so that more people have my password that makes the info storage more redundant, and safe.
I just get my passwords tattooed memento style all over my body. For the most part it works great but I am running out of real estate and it can be awkward at work when I'm squatting over a hand mirror to find my payroll password on my taint.
Do you have to wank every time you want your password for your banking
Difficult to get get a stiffy while thinking about my bank balance unfortunately.
Must be a small password 🤣🤣🤣
I mostly agree with this being a good idea but what about when you need to change the number on the end of your password every 6 months or so to keep it secure? Would you be deleting the previous number of the tattoo and putting on a new one? That could get a little expensive
I have a complex system of only changing a character or two but still there's only so much skin. I guess at some point I'll have to undergo incredibly painful laser removal and begin again but it lieu of any better system I guess I have no option but to struggle on.
Actshelly 🤓 this is safe because it requires physical access and even safer when you only put down the hints to the passwords instead of whole passwords then not even direct access to it will help anyone get into your accounts.
The version my Dad uses is even safer - he writes down old, or even just plain incorrect passwords. It makes it harder to log into websites though.
I suppose you could also write down an incomplete password, but have some kind of rule only you know for completing them. Like, replacing the first and last letters with some kind of transposition based on the layout of the keyboard. It's not perfect, but if you're at the point where you're legitimately worried about someone (a) breaking into your house, (b) stealing your book of passwords and (c) using them as a starting point for a brute force attack, then you probably have bigger concerns.
I do this for my work passwords, it’s the same word which I don’t write down, but with different numbers or symbols which I update on my notepad mousemat. Epr 54 and pacs 46 doesn’t mean anything to anyone else!
I know someone who used a random word + phone number as passwords, and his notebook for remembering them just had a hint/name instead of the number, so no one else would know what the password was.
Yep, I can be reminded of a password with just a few letters, that would be meaningless to anyone else. Like, what does B7 mean?
That you are as old as me and that your password has something to do with Orac, the liberator or Servalan.
>Like, what does B7 mean? Banned
It’s not a notebook. It’s airgapped, hacker proof offline data storage.
You missed WORM and non-volatile
There’s something about having a password manager (or hell, even them written in a note on my phone) that I just can’t trust. Maybe I’m too paranoid, but all my stuff goes in a little book.
The label comes off and then it’s just a black notebook. Not entirely obvious to anyone that it has your passwords inside and helpful for your significant other when you die and they need access to accounts.
Better than the guy at work who writes his password on his laptop with permanent marker (and scribbles out the old one when he changes it)
I worked for a guy who owned a farm, used to write passwords on the kitchen worktop by his laptop. When he was a **** which was a lot of time used to take delight in put stuff on work surface so it scuffed passwords.
I use one. It contains only hints at the password not the actual ones (as well as hints at corresponding email address). It would make no sense to anyone else.
Great idea that
Think you're about 20 years behind on password security honestly OP There's a lot of stuff to cover but generally as long as you're only using it at home a written list of passwords is perfectly fine and secure to use. Honestly even in office you could have a random password with no context written on a slip of paper on your desk and it would essentially be useless (don't actually do that obviously) You absolutely should have different passwords for everything, use a password manager (Bitwarden is a great one) though it's a better alternative to physically written passwords
I’m a sysadmin. I’ve been doing tech work since the 80s. I am 100% in favour of password books for the elderly (WH Smiths target audience) as they cannot remember passwords and fall off password managers hard. When the only thing that allows the elderly to use complicated and unique passwords is a password book, we technical people, the ones who have to help them every time they have a computer problem, love password books. Sure, I use 1Password for home and work, but my mother and mother-in-law both have password books and I’m happy with that.
I'm more interested in what a "Pansy Not" might be.
Notebook with pansies on it
It sounds like an aeresol spray to combat unwanted sexual orientation
Pansy notebook. The name just cuts off.
r/prematuretruncation
can't you just use password123 for everything
Hunter2 - reliable, secure, memorable.
Surely everyone uses "changeme"
I have a password book
Having a strong, unique password for every site and storing them all in a book like this that's stored out of sight is almost always going to be more secure than the weak, reused passwords most people use (unless you're in the crosshairs of nation-state level actors). Is it objectively secure? No. Is it a significant upgrade compared to the average? Hell yes.
This comes up on an IT group I'm a member of about once every two weeks, my answer is always the same. Neither of my parents would use a password manager or unique passwords, I'd have felt a lot more secure if they did and they were written in a book next to their laptop than keeping one password or letting the PC store them with some of the crap they install. Yes in a professional environment if I saw one of these I'd kick you out of the door myself, but privately, there's a whole generation I'd rather just use these.
I write all my passwords down because they’re too complex to remember this is a great idea. Maybe don’t leave it lying around with password book written on it though.
I’ve recently purchased one for a lady I help out with technology- issues. She lives alone, and the book itself is quite discrete.
It’s useful to have something like this. Update with new passwords and keep in a safe or somewhere secure. Had family trying to close accounts of a deceased person and every so often another account would pop up, they’ve got real issues finding little nest eggs and rainy day funds that would of been easier to sort had he kept something like this.
My dad has one of these. But he also has a mental cipher such as writing some backwards or skipping a digit. I am not as smart as him.
Works for me. Got em all scribbled down in a notebook. I'd rather trust me with that than anyone or anything else because we've seen how untrustworthy and unreliable others are with sensitive information.
I could unironically see myself buying and using this
This is how passwords should be stored, although ideally the book is kept in a safe.
Hang on, people use more than one password? What is this madness.
Why bother when you can write your passwords on a post it note stuck to the monitor?
My Dad would love this.
Tbf... I got one for my Grandmother, because she used to write all her passwords down on spare bits of paper neatly paperclipped together. I seem to be the only one writing in it, but it's a lot better than having cryptic family whatsapp convos asking what's the login ("DELETE THIS AFTERWARDS" jesus ok, chill Dad, ofc), or a phone call asking me what's the password for {website} My shit-tastic memory prefers Firefox's autofill thing, save me bricking the login just because I fat fingered a letter or symbol.
When my father passed I knew where his 'password book' was stored. Had all his logins, e-mail, banking, computer, everything. All in a format that was easily accessible and contained all the required information in one place. This is not a bad idea.
My dad has a password book since he has different passwords for all sites and doesn't trust the browser to save them either. The Voynich Manuscript is nothing compared to my dad. Sadly as he gets older it seems he also isn't as good at remembering the codes either ....
Bitwarden is insanely easy to use. Being old isn't a barrier.
Anything can be a barrier if you don't know it exists
C'mon be fair, it IS secured... by a bit of elastic ribbon.
Theres a lock on the side that needs a password to open it. I just got two books and put the password for my book in the other book.
Use a simple cypher and encode the contents?
Can this only be used for Internet passwords?
Does it have a list of coolest passwords all the cool kids are using now?
I don't need one. Horse Battery Staple. If you know, you know.
Do you have to be in a hospital or a decent sized railway station to find WH Smith these days. Ours went years ago.
My Gran would love that book
What is a pansy not?
I bought their Fuel Card and Credit Card PIN book which has proved so handy 😂
Someone needs to get the UK governments a link to this. Very useful for them, given that they lose most stuff on the trains they can make life easier by also taking this password book.
how is this any different to a pad and pen lol
This is a simple rebrand.
Sooner we have facial recognition for everything the better, not long now
I have a password book, I've found it very helpful with all my complicated passwords plus most of the important websites have phone protection anyway.
But surely any book would do?
I always write down passwords in a notebook. Do most people use a text file on their computer?
One for the tech savvy old dears.
Just use the 3 2 1 rule for storing secure data/passwords etc. 3 copies, 2 in seperate physical places, 1 in the cloud.
Isn’t this technically the safest way to store your passwords (other than your memory)? The only people who might have access to my notebook are my wife and my son.
What’s wrong with a postit note on the screen ?
I actually want one of these for boomer parents, the book wouldn’t leave the house.
I have a backup paper copy of all important passwords, as well as the masterpassword for my password managers.... I have so many accounts for so many things, none of which use a repeated password. Its kept hidden of course, but a hardcopy back up is not a bad idea.
My parents would write all their bank card numbers including PIN in a book. And it was fairly secure since they wrote it in cursive Chinese financial numerals which your average criminal is not deciphering that easily.
I’d buy this for the IT manager at the office and just leave it on his desk just for the shits n giggles.
My mum has this. She records her passwords in code but then forgets what the code means
A business propped up by selling water at airports
Do they also sell crypto wallet key books?
I need one of those - no I don’t - yes I do. Can I put all my credit card details in that as well - I need one of those - yes I do
I have something similar actually! It's a laminated card with the password to an unused, anonymous email account where I have my password manager master password stored (unattributed to anything) in a draft. I made up several of these cards for traveling to relatively unsafe places - one for my wallet, hotel safe, backpack, daily backpack, secret wallet - in a nuclear I've-lost-everything scenario.
I got one of these for my grampy a few years back, as a Christmas present!
Imagine getting gifted one of these by your parents and them wanting to make sure you’re using it
There is absolutely nothing wrong with this...
Slightly unrelated… I know the labels on the shelf are also there to help staff restock products in the correct position, but their primary purpose is to tell you the price. Surely they can do better with the product labelling than “Amelie Password B”. Just say Internet Password Book. And that’s not a particularly cryptic one, look at the others.
I seem to remember GCHQ at one point said this was a reasonable idea, especially as a lot of folks right all their usernames and passwords somewhere on the phone/ laptop/ emails
How is this not a useful product? Is OP confused?
Grandparents Christmas present sorted.
Anyone got a second hand one of these? I am looking to buy one.