Comments

c • April 24, 2013 1:29 PM

"only slightly different than Password Safe"

Well, it's a hardware solution, rather than software.

She or her writers have clearly identified the security problems with that product.

AA • April 24, 2013 2:08 PM

This is actually real, saw one of those in a bookstore the other day. A nice looking, large in length size, made out of suede cover.

AA • April 24, 2013 2:11 PM

Truth be told, you have to write them down somewhere, might as well keep a soft copy on your hard drive, backed up online somewhere.

Passwords are not really plain old passwords anymore, they come with all kinds of security identifier questions etc.

JMD • April 24, 2013 2:27 PM

For many people, I actually think this is a better solution than having weak passwords everywhere that you can easily remember, sticky notes on the monitor or a cleartext password file on your desktop. It puts your passwords into the realm of physical security and the burglar breaking into your house to steal your stuff is not likely to search your bookcase for one of these things.

But knowing my parents, they would still use this to write down all of their weak passwords that are the same on all websites and then leave it next to their keyboard for easy reference.

bickerdyke • April 24, 2013 3:13 PM

Well, it keeps your passwords safe.

From what? Bots and Trojans? Definitely. Snooping spouses? Definitely not.

Jiistme • April 24, 2013 3:46 PM

I actually love this product (when used appropriately). If I ever see one, I am going to pick one up for my mom. My concern for my mom is not physical theft, it is virtual theft. I am sure I can get her to use better and different passwords if I could find a scheme that helps make it easy for her to find and use those passwords. A book like that just might help.

On a similar, but separate note, for home use I am leaning more and more to advising my family to write passwords down. I have a much better chance of them using better passwords and different passwords if they have them written down than if they have to memorize the passwords. By doing this, I am assuming the risk that they are physically robbed is less likely than the risk that a database full of passwords is stolen from some website.

Bob T • April 24, 2013 4:23 PM

@Jiistme

See if you can get them to use something like KeePass or Password Safe. I find Keepass easier to use in general. Right-click;copy username, right-click;paste, right-click;copy password, right-click;paste. So easy.

I save the database in a SpiderOak synced folder so changes are automatically updated between home and work if I make a change to one.

vexorian • April 24, 2013 4:44 PM

Some people really do use sticky notes to store passwords. So this binder is a security upgrade for them. Add in a cabinet with a lock, and it is a good thing for users that have trouble using password managers.

What it could use is a random password generator. I think it is not so difficult to make a paper method. They could include pages of random letters or something. Heh, some people would really find that easier to use because they are more used to printed tools than computers.

Jiistme • April 24, 2013 4:47 PM

@Bob T

That is my ultimate goal. Over time, I want to train my mom how to use Keepass, but during the interim, I think a book designed for password storage would be easier for her than her current method. (A small notepad with a bunch of username/passwords written somewhat randomly throughout.)

Mark J. Blair, NF6X • April 24, 2013 5:04 PM

What it could use is a random password generator.

How about a 20- or 30-sided die of the sorts used by pencil-and-paper role-playing gamers, imprinted with a collection of letters and/or digits? I think that even Grandma should be able to roll one and write down each letter in their Password Minder, then lock it all up in their Password Minder Protector.

Peter A. • April 24, 2013 5:35 PM

And to make people use strong passwords, the Password Minder should have them pre-printed, generated from a good entropy source. It is easy today to print unique items in large volumes.

A user will fill in the username and site details only - and maybe decide the length of the password by striking off some characters at the end (or beginning, for that matter) in case a site doesn't accept long passwords.

Of course such a version of the Minder itself should have some tamper-resistant packaging to prevent someone from scanning the passwords before the end user gets it.

As a bonus, a few initial pages may be also pre-printed with popular site names like facebook, twitter etc. - only the username field left blank.

A great gift for your grandma...

DavidTC • April 24, 2013 5:37 PM

If you are not worried about theft of the computer, you logically are not worried about theft of the thing next to it. Thus, a binder makes sense. (If you are worried about the theft of your computer, you really need to use drive encryption, considering your web browser remembers them all anyway.)

Of course, if you are not worried about the theft of the computer, then I have to ask why the hell not just keep the passwords _on_ the computer, where it is much easier to copy and paste them?

I tell everyone I know 'Look, make a text file on your computer for passwords. Put it on your desktop where you can find it. When you need to make a new password, go there, put in the site, userid, and pound out 12 letters and numbers, and copy that in as the password.'.

It's not 'perfectly safe', but it's a hell of a lot more safe than the statistical level of safeness practiced by people. Granted, all of this is mostly because human beings have absolutely no idea how to manage passwords, and a lot of them have been very very mistrained.

So, this is password archival for...technophobes? I don't actually understand why people would take the step of 'write down passwords' and not finish with '...on the device I use to write things down on that I am always at when I create or need to know a password'.

I guess I can't complain much except, of course, that this is absurdly overpriced. For ten dollars you buy three address books, or five blank notebooks, or an index card file and fill it with index cards and tabbed dividers.

I actually think there would be a nice market out there to undercut these guys. For one thing, that book is _huge_. Who the heck has that many passwords? Wouldn't something wallet-sized be a lot more reasonable, _and_ mean you can carry it with you?

Tony • April 24, 2013 5:40 PM

A TrueCrypt encrypted computer and plain text files is a perfect choice and the system is protected if stolen. KeePass is also a fantastic choice (I use it on flash drives) and then there is Steganos LockNote. All three programs are free, simple to use and all require a single decent password to use.

TrueCrypt is a bit more complicated to set up, but after installation any novice can use it to boot the system. Everyone's computer in my family is protected with it.

Godel • April 24, 2013 7:07 PM

If you're using KeePass with Firefox, be aware of the Keefox add-on. This provides the missing autofill feature that commercial password managers usually provide.

I find it detects web site login fields maybe 80% of the time. :)

Brandioch Conner • April 24, 2013 7:10 PM

I just picked up a blank journal for a friend so she could use it to keep track of the various passwords and sites she manages.

I'm not so worried about security because the security of having a physical object already improves it. At least now the passwords can be long enough and cryptic enough so that some script kiddie somewhere else in the world cannot crack it remotely. Now they'll have to travel here and steal it.

And remember that most of your on-line passwords aren't going to be cracked like this. As long as you didn't pick one in the short-dictionary-list (password, passw0rd, etc) and the site practices decent X tries before locked out for Y seconds you'll probably lose your password because the computer you're using is already cracked or the site you're typing it into is a phishing site.

And 100% agreement with everyone who recommends pre-generated passwords. And fake answers to "what city were you born in" questions.

Godel • April 24, 2013 7:27 PM

@Bob T

"I find Keepass easier to use in general. Right-click;copy username, right-click;paste, right-click;copy password, right-click;paste. So easy."

Ah, you do know that you can do this all in one step, don't you? Just click in the login name box on the target web site to make it active, right-click on the appropriate entry in KeePass, then click "Perform Autotype" in the right click menu. KeePass will type in your login name then a tab character, then your password then Return.

Just make sure Autotype is enabled in the individual entry. Also look for the two-channel obfuscation option. BTW, KeePass has recently upgraded to V.2.22.

Ben • April 24, 2013 7:37 PM

I suspect granny would be happier remembering one password and using something like last pass or keepass or something. Typing in strong passwords is somewhat of a chore, I find. Even if you don't have to go to the trouble of remembering the things.

techauthor • April 24, 2013 7:56 PM

@Jiistme

Ok to write them down, but no need to write the full password.

If they can remember that ALL of their passwords start with [ and end with ] then they can write them down and not write the brackets, which reduces the physical risk, too.

wolf • April 25, 2013 1:49 AM

@DavidTC @Tony

Ya, and have that file stolen by a trojan or via careless file sharing settings then.
Full disk encryption won't protect against that.

Mike • April 25, 2013 2:28 AM

We should stop calling it pass-WORD. That's not the idea you want in the user's head when they are struggling to generate a good secret.

RichardH • April 25, 2013 4:12 AM

Nobody seems to have mentioned the Stanford PwdHash solution (client-side javascript hashes user password plus domain name to generate per-domain passwords.) There are add-ons for Firefox, Chrome and Opera and apps for Android and iOS.

Chuck • April 25, 2013 8:37 AM

Ok, I've got my Password Minder Protector Minder. Now where do I store that to keep it safe from prying eyes?

Look no further: my new Password Minder Protector Minder Protector can be yours today! (Available at Walgreens)

Bob T • April 25, 2013 10:38 AM

@Godel

"Ah, you do know that you can do this all in one step, don't you? Just click in the login name box on the target web site to make it active, right-click on the appropriate entry in KeePass, then click "Perform Autotype" in the right click menu. KeePass will type in your login name then a tab character, then your password then Return. "

Great! Thanks!

Jiistme • April 25, 2013 10:41 AM

@techauthor

Great idea. I love it. I am definitely going to steal that idea and teach my mom to use it. :)

@Eli Baker
lol...I love your attitude. My mom has a similar attitude, she is just a tad bit too trusting at times. :) After her first stint of her bank account being stolen due to a scam, she started listening to me more. I try to slowly introduce better and better security concepts. She is actually doing pretty good now. But there is always room to improve. (I include myself in that statement.) My current focus is to get her using different passwords for everything, but that will be a slow transition. (Not living close by doesn't help either.)

Btw, on a side note, I love this site and the constructive discussions that go on. I mostly lurk and rarely post, but I love reading the conversations on this site when I have time.

Ac2 • April 25, 2013 12:29 PM

Right at the end she cracks the one about sending your passwords to her for safekeeping... Isn't that what Lastpass does?

Can't trust them that much myself...

Nick P • April 25, 2013 11:46 PM

@ Mark J. Blair

"How about a 20- or 30-sided die of the sorts used by pencil-and-paper role-playing gamers, imprinted with a collection of letters and/or digits?"

Awesome to see someone else thinking about using those dice. In 2010 or 2011 I wrote a program that turns die roll results into random keys (after running it through a hash function). The dice I used were eight-sided D&D dice. I noticed that 2^3 = 8, so there was a perfect, unbiased correlation between an 8-sided die and 3 bits. So to make at least n truly random bits, you need to roll n/3 times plus 1 if there's a remainder. Worked like a charm. Throw a bunch in a shoe box, shake it and dump it on the floor for quick bits.

Next step was 16-sided dice for 4 bits. I later aimed for economy (and deniability) by using a deck of cards for the same thing. The trick was to take out cards so that what was left would have a similar correlation. For instance, 8 (2^3) possible ranks and four (2^2) suits. So, each card represented 5 bits.

Then I discovered LavaRnd and VIA C3's Padlock Engine w/ onboard TRNG. Today, the dice and cards just collect dust in a box in my closet.

wolf • April 26, 2013 1:10 AM

@Ac2

Lastpass uses client side encryption for your passwords. They only have a random chunk of data from you on their servers, which they cannot decrypt.

So no, they do something completely different.

Peter A. • April 26, 2013 2:42 AM

@Nick P.

Yes, using dice is a nice simple trick if you need some strong key material in moderate amounts. For random website passwords, I use /dev/random. Not as good, but good enough.

dd if=/dev/random bs=1 count=9 | base64

Clive Robinson • April 26, 2013 6:28 AM

@ Nick P, Peter A., Mark J. Blair,

How about a 20- or 30-sided die of the sorts used by pencil-and-paper role-playing gamers, imprinted with a collection of letters and/or digits?

Whilst more sides at first sight suggests the fewer throws you need to make, the problem is that the more sides you've got, the more bias and the more easily recognised it is in your resulting output [1].

Also a power of two (i.e. 2, 4, 8, 16, 32 etc) would at first sight appear to be better than other numbers of sides, but in the words of the song "That ain't necessarily so..." as it actually makes a bias more obvious.

To help remove bias it is easiest to use two or more random elements and then combine their results such that the bias is spread across all of them. However this has to be done with care lest you change the probability distribution [2].

There is also the question of "availability" and occasionally "suspicion" in using anything other than two (coin) or six (regular die) sides. For instance a 20-sided die is generally only available through specialist educational suppliers or role playing games outlets, which are not exactly thick on the ground. Further, going through a check / customs point is likely to turn up a 20-sided die and one or two questions, whereas a couple of packs of cards and a couple of ordinary six-sided dice are going to be less questioned and more easily explained. Whilst a pocket of loose change is so ordinary as to attract more suspicion if you did not have loose change...

So how to convert the throw of two dice to a number of bits. One simple way is by matrix. Draw up a six by six grid and fill in the squares with numbers from 0 to 35 in any order. Along the top of the grid write 1-6 and likewise down the left hand side of the grid. Have the dice marked in some way (different coloured bodies or dots etc) that does not add bias and use one to pick the left number and the other the top, and throw them from the cup at the same time as a pair. Read the result from the grid; if the number is outside your required range (0-31) discard the result and throw again. Keep going until you have the required number of bits or more.

If however you want letters and numbers, fill in the grid randomly with A-Z, 0-9; or for just letters, fill in A-Z randomly and leave the other squares blank. If just numbers, then use 0-9 three times, filled in randomly, and leave six squares blank.

It's a process that has been used several times over the years to generate "One Time Pads", and I wrote a little program many years ago that fits nicely onto a floppy disk along with the MS OS that prints out two neatly formatted pages for the pads to be easily used. It also keeps a running tab on the numbers looking for bias.

Importantly, create the matrix anew for each random sequence you need and then destroy it afterwards, as being in possession of it is a dead giveaway as to what you are using the dice for.

[1] It's been shown a number of times that it is actually quite difficult to make an unbiased mechanical object such as a coin or die. However for most uses the slight bias can be ignored or, where important (cryptography etc), de-biased. The von Neumann de-biaser of taking two successive and thus otherwise unbiased coin flips and using them to provide one unbiased bit is one of very many [2].

[2] As a simple example take six ordinary dice and throw them from a cup and count up all the spots; you get numbers in the range 6-36 as you would expect, but after a few throws or moments of thought you will realise that the probability distribution is not flat but a close approximation of the bell curve. However take the result mod 6 and you will get the equivalent of a single die being thrown, but the bias of each of the six dice is reduced and spread across all the numbers, making the probability nearer being flat.
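Added example (my own code, not any commenter's program): it implements Nick P's mapping of a 2^k-sided die to k bits with his n/k-plus-one roll count, Clive's 6x6 grid with rejection of results outside 0-31, and the von Neumann de-biaser from footnote [1]. The simulated throws from random.Random stand in for hand-entered physical dice, and the 32-symbol output alphabet is my assumption.

```python
# Added example, not a commenter's program: dice-to-bits extraction as
# described in the thread. Simulated throws stand in for physical dice.
import random

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # 32 symbols = one 5-bit group each (assumed)


def bits_from_power_of_two_die(rolls, sides):
    """Nick P's scheme: a die with 2^k sides gives k unbiased bits per roll.
    Rolls are face values 1..sides; returns a list of 0/1 ints."""
    k = sides.bit_length() - 1
    if 1 << k != sides:
        raise ValueError("sides must be a power of two")
    bits = []
    for r in rolls:
        v = r - 1  # face 1..2^k -> value 0..2^k-1
        bits.extend((v >> i) & 1 for i in reversed(range(k)))
    return bits


def rolls_needed(nbits, sides):
    """n/k rolls, plus one if there is a remainder (Nick P's rule)."""
    k = sides.bit_length() - 1
    return (nbits + k - 1) // k


def make_grid(rng):
    """Clive's 6x6 matrix: 0..35 in random order, created fresh each time."""
    cells = list(range(36))
    rng.shuffle(cells)
    return [cells[i * 6:(i + 1) * 6] for i in range(6)]


def bits_from_two_dice(pairs, grid):
    """Each (left, top) throw indexes the grid. Values 32..35 are discarded
    and thrown again, so kept values are uniform on 0..31 = 5 bits."""
    bits = []
    for left, top in pairs:
        v = grid[left - 1][top - 1]
        if v > 31:
            continue  # outside the required range: discard and throw again
        bits.extend((v >> i) & 1 for i in reversed(range(5)))
    return bits


def von_neumann(bits):
    """Footnote [1]: from a biased but independent source, pair 01 -> 0 and
    10 -> 1; pairs 00 and 11 are discarded."""
    return [a for a, b in zip(bits[::2], bits[1::2]) if a != b]


def bits_to_password(bits, alphabet=ALPHABET):
    """Map each complete 5-bit group to one symbol; 32 symbols keeps it unbiased."""
    return "".join(alphabet[int("".join(map(str, bits[i:i + 5])), 2)]
                   for i in range(0, len(bits) - len(bits) % 5, 5))


def demo_password(nchars=16, seed=None):
    """Throw a marked pair until enough bits survive the 0..31 filter."""
    rng = random.Random(seed)  # stand-in for hand-entered physical throws
    grid, bits = make_grid(rng), []
    while len(bits) < 5 * nchars:
        pair = [(rng.randint(1, 6), rng.randint(1, 6))]
        bits.extend(bits_from_two_dice(pair, grid))
    return bits_to_password(bits[:5 * nchars])
```

With real dice, replace the rng throws in demo_password by typing in each (left, top) pair; the grid must then be regenerated and destroyed per sequence as Clive describes.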

Peter A. • April 26, 2013 7:31 AM

@Clive: Nice description of rolling random numbers with dice for dummies. It is obviously not good to just add the spots and assume the sum is evenly distributed, I think Nick P. and I just assumed everyone knows that from basic probability classes. Thank you for spelling it out for the wide public.

By the way, I am completely puzzled by your comment about a non-standard die getting attention of customs/whatever. What's wrong or unusual with it? Anyway, if one is so paranoid, he can carry some other role-playing accessories along to complete the picture of a gamer. What's wrong with this?

@Clive & Nick: shuffling a deck of cards properly is tricky. Rolling a die or tossing a coin is much easier. I'd go for the latter.

pentester • April 26, 2013 10:40 AM

I've been writing down my high entropy passwords and keeping them in a safe for years. I think that's a perfectly reasonable defense against most threats. There are multiple ways an attacker can compromise passwords stored in (encrypted) soft format (keylogger of safe password, compromise system, break algorithm, brute force encrypted file etc.); there are far fewer ways to compromise a safe, and they all require physical access.

And who am I more concerned about having my password list: a burglar, or the type of threat agent who can defeat KeePass?

Kevin Roark • April 26, 2013 11:18 AM

@wolf

File sharing compromising a TrueCrypt volume is a pathetic argument to use against using Keepass/TrueCrypt. File Sharing is a major security risk which can negate any other security measures in place. If you have to run that service for a legit reason do it on an otherwise unused box or in a virtual machine. The "I can poke a hole in any security measure so do not bother with security" argument is for the unwise and arrogant. Unfortunately the computer security world has an oversupply of such. Spare us.

wolf • April 26, 2013 1:38 PM

@Kevin Roark

That's not the point I was trying to make. It was directed at people saying they should just keep their passwords in a text file on the desktop, 'cause the HDD is encrypted.

I love TrueCrypt and use it all the time. My whole point was that it's not going to protect the insecure password managing "system" people suggested.

woody weaver • April 26, 2013 1:41 PM

@clive -- seems awfully complicated.

I used to have to set up shared secret VPNs, so needed a random hex string. My solution was just a penny, nickel, dime, and quarter (US coins). Generally always had it with me, and seemed to provide good entropy... (sidebar: it would probably not be surprising to walk into a "high security" environment to find that the shared secret was 0xFEEDFACE. Alas, the security officers were more hungry than careful...)

Clive Robinson • April 26, 2013 5:49 PM

@ woody weaver,

My solution was just a penny,...

As I said,

Whilst a pocket of loose change is so ordinary as to attract more suspicion if you did not have loose change..

It is a working method, but you have to watch you don't fall into a predictable pattern such as using the penny for every fourth bit etc.

The reason for using dice, believe it or not, is that way too many don't know how to flip a coin "fairly", whereas they show no such problems with dice (go figure, it's puzzled me for many years).

@ Peter A.,

By the way, I am completely puzzled by your comment about a non-standard die getting attention of customs/whatever. What's wrong or unusual with it?

It's the fact that it's "unusual"; it makes people look at you differently and thus much much more likely to remember you or even think you "hinky", thus adding you to their daily list.

As was once remarked by a famous physicist who liked to pick locks as a cure for being subject to excessive security,

The sound of a scientific discovery is not "Eureka", but "that's odd".

Which is also often the sound of somebody's 'legend' (back / cover story) starting to unravel.

El Zombo • May 16, 2013 5:21 PM

It's interesting how some surprisingly positive comments are pretty much identical on different sites reporting about this, uhm, phantastic product.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..