so many: you accidentally put it through the wash. someone pick pockets you. you have a house fire. it smudges. you use weak passwords so theyre easier to type and write (instead of copy/paste), you spill coffee in your lap. why would you put access to all of your accounts on/in something so vulnerable day to day?
“you accidentally put it through the wash.” - Yes this is a risk, same as your password software company is sold/closed
“someone pick pockets you.” - Really this is not my concern if I am robbed (my cards and ID are more then enough to not need my passwords)
“you have a house fire.” - The password is in my pocket so as a dead person my password is not a concern anymore. Also if my house burns down I have bigger issues.
“it smudges.” - What is written are just reminders and I can rewrite them.
“you use weak passwords so theyre easier to type and write (instead of copy/paste),” My passwords follow the same rules as any good password, just because you hate typing them out does not mean I don’t do it.
“you spill coffee in your lap.” - OK, I am not seeing how burning myself does something to my password. if the paper gets wet? I guess if I was sitting in the coffee for a while it could make the ink run, but Eww that sounds like not a good time.
“why would you put access to all of your accounts on/in something so vulnerable day to day?” - I don’t nor anybody should use the same password for everything, Paper is great for notes and is a lot more secure then any software. I would ask why people are ok storing sensitive information on someone else’s machine. When did this become normal to trust a 3rd party over a physical item on your possession?
if bitwarden closes, i’ll just export my passwords.
meanwhile, i’m an idiot who puts stuff through the wash multiple times a year, and my dog eats anything she finds. paper is not a secure long term solution for me
Risks aren’t all equal though. How often do you smudge something or run it through the wash vs your password manager somehow shutting down without any notice? I’ve accidentally washed things tons of times, myself. Not a single password manager I’ve ever used has unexpectedly shut down. Heck, LastPass got sold and you can still use it (though I don’t recommend them). Importing my LastPass file into Bitwarden was trivially easy. You also can and should export your passwords occasionally to a local, encrypted file.
And while being pickpocketed/robbed already sucks, I don’t see why you’d want it to be worse. And it absolutely can get worse. Lots of people have passwords for financial services that will allow a thief to steal even more money or valuables from you than they can with just your credit and debit cards. Plus that’s more things to have to rush to lock.
What is written are just reminders and I can rewrite them.
I’d argue that if you’re a typical person with the dozens of unique online accounts that many people have, you generally won’t be able to remember your passwords, as that suggests your passwords are at risk for being guessed or too easy to crack.
That said, you often only truly need to remember your email password and computer/phone logins. Generally you can reset everything with your email. Of course, that’s not a reminder and is extra hassle.
I think people are taking the pocket example too literally. When I used to have to remember and manage way, way to many passwords I had a small notebook with the different parts to my passwords. Never was a whole password written out but I could recreate any password I needed from the little book. Was it a prefect solution? No. But it worked well for me for more then a decade and I worked with people who did similar. I did once put my little book in the wash when very tired, but interestingly little notebooks hold up well.
KeePass can be used locally. Often you’d want to store your vault in something like dropbox simply so you can use it on multiple devices for ease of use, but you don’t have to. And arguably you don’t need to worry if someone gets your vault. The encryption cannot feasibly be broken in any way but brute force. If your password is hard enough to guess, you’re fine even if an attack has your vault.
As well, if your complaint is just letting third parties handle your data, Bitwarden is open source and can be self hosted.
A lot of people joke about how postit notes on your computer are super insecure etc… But the fact is that the vast majority of threats are from people in other parts of the world, attacking your computer over the internet. So although a piece of paper with your passwords right next to your computer is very insecure vs people who are in your house; those are generally not the people you are worried about anyway! So that isn’t so bad.
As for a piece of paper in your wallet… That’s legitimately a high-security approach. There and some obvious downsides; but from a security point of view, it’s very good - especially if your ‘enemies’ don’t know about it. (Which they probably don’t; because unless you’re some high-profile political target or a spy or something like that, probably no one is watching you closely enough to care how you store your passwords.)
I think people get stuck on the software angle because they like the cool factor and we all like to think we are super important. In reality most accounts are broken into not with the password but the password recovery anyways.
Does a sheet of paper count as a password manager?
Not as a secure one at least.
Wait? how is a page in my pocket not secure but a software password manager is?
so many: you accidentally put it through the wash. someone pick pockets you. you have a house fire. it smudges. you use weak passwords so theyre easier to type and write (instead of copy/paste), you spill coffee in your lap. why would you put access to all of your accounts on/in something so vulnerable day to day?
“you accidentally put it through the wash.” - Yes this is a risk, same as your password software company is sold/closed
“someone pick pockets you.” - Really this is not my concern if I am robbed (my cards and ID are more then enough to not need my passwords)
“you have a house fire.” - The password is in my pocket so as a dead person my password is not a concern anymore. Also if my house burns down I have bigger issues.
“it smudges.” - What is written are just reminders and I can rewrite them.
“you use weak passwords so theyre easier to type and write (instead of copy/paste),” My passwords follow the same rules as any good password, just because you hate typing them out does not mean I don’t do it.
“you spill coffee in your lap.” - OK, I am not seeing how burning myself does something to my password. if the paper gets wet? I guess if I was sitting in the coffee for a while it could make the ink run, but Eww that sounds like not a good time.
“why would you put access to all of your accounts on/in something so vulnerable day to day?” - I don’t nor anybody should use the same password for everything, Paper is great for notes and is a lot more secure then any software. I would ask why people are ok storing sensitive information on someone else’s machine. When did this become normal to trust a 3rd party over a physical item on your possession?
if bitwarden closes, i’ll just export my passwords.
meanwhile, i’m an idiot who puts stuff through the wash multiple times a year, and my dog eats anything she finds. paper is not a secure long term solution for me
Risks aren’t all equal though. How often do you smudge something or run it through the wash vs your password manager somehow shutting down without any notice? I’ve accidentally washed things tons of times, myself. Not a single password manager I’ve ever used has unexpectedly shut down. Heck, LastPass got sold and you can still use it (though I don’t recommend them). Importing my LastPass file into Bitwarden was trivially easy. You also can and should export your passwords occasionally to a local, encrypted file.
And while being pickpocketed/robbed already sucks, I don’t see why you’d want it to be worse. And it absolutely can get worse. Lots of people have passwords for financial services that will allow a thief to steal even more money or valuables from you than they can with just your credit and debit cards. Plus that’s more things to have to rush to lock.
I’d argue that if you’re a typical person with the dozens of unique online accounts that many people have, you generally won’t be able to remember your passwords, as that suggests your passwords are at risk for being guessed or too easy to crack.
That said, you often only truly need to remember your email password and computer/phone logins. Generally you can reset everything with your email. Of course, that’s not a reminder and is extra hassle.
I think people are taking the pocket example too literally. When I used to have to remember and manage way, way to many passwords I had a small notebook with the different parts to my passwords. Never was a whole password written out but I could recreate any password I needed from the little book. Was it a prefect solution? No. But it worked well for me for more then a decade and I worked with people who did similar. I did once put my little book in the wash when very tired, but interestingly little notebooks hold up well.
Who exactly says you have to store it on another computer?
Sorry I assume you are using a program that is not air gapped. Most of the time I associate the “cloud” to these managers.
KeePass can be used locally. Often you’d want to store your vault in something like dropbox simply so you can use it on multiple devices for ease of use, but you don’t have to. And arguably you don’t need to worry if someone gets your vault. The encryption cannot feasibly be broken in any way but brute force. If your password is hard enough to guess, you’re fine even if an attack has your vault.
As well, if your complaint is just letting third parties handle your data, Bitwarden is open source and can be self hosted.
If its local then its not much more then an encrypted notepad, and I am down for that.
A lot of people joke about how postit notes on your computer are super insecure etc… But the fact is that the vast majority of threats are from people in other parts of the world, attacking your computer over the internet. So although a piece of paper with your passwords right next to your computer is very insecure vs people who are in your house; those are generally not the people you are worried about anyway! So that isn’t so bad.
As for a piece of paper in your wallet… That’s legitimately a high-security approach. There and some obvious downsides; but from a security point of view, it’s very good - especially if your ‘enemies’ don’t know about it. (Which they probably don’t; because unless you’re some high-profile political target or a spy or something like that, probably no one is watching you closely enough to care how you store your passwords.)
I think people get stuck on the software angle because they like the cool factor and we all like to think we are super important. In reality most accounts are broken into not with the password but the password recovery anyways.
Unless you use invisible ink!