this post was submitted on 19 Jul 2025
415 points (92.1% liked)

[–] TheGrandNagus@lemmy.world 62 points 1 day ago (10 children)

Honestly, a physical password book isn't a bad idea.

Not accessible via the internet, and in most cases if someone has physical access to your system you're done for anyway.

The main weakness it has is from a nosey flatmate, spouse, or child in the house.

[–] tiramichu@sh.itjust.works 35 points 23 hours ago

Yep. My Dad in his late 70s uses this system and it works great for him.

People make fun of it, but for people with low tech literacy this is actually far better than having a mish-mash of solutions where some of their logins end up automatically saved in iOS on their phone, some are saved in Chrome on the desktop, some are just in their head, they don't know where anything is, and are constantly losing access and resetting credentials all the time.

And it definitely reduces the burden on me of parental tech support, when it's all in the book.

[–] lmmarsano@lemmynsfw.com 1 points 11 hours ago

The main weakness

is it's a pain in the ass.

  • Won't generate strong passwords.
  • Won't fill out login forms for me.
  • Manual, slower search and copying (worse for dyslexia).
  • Increases risk of submitting credentials to wrong site/app (especially malicious ones).
  • Increases error of mistyping credentials.
  • More effort to back up & retrieve.
[–] Romkslrqusz@lemmy.zip 2 points 15 hours ago (1 children)

For the majority of my clients who use this kind of system, it is totally dysfunctional.

Most of the records are incorrect, my guess is that they occasionally reset the password on mobile while the book is inaccessible and then don’t remember to update it in the book later.

Effective use relies on the user’s understanding of umbrella accounts. I’ve had users have separate written entries for “Office”, “Skype”, “Hotmail”, and “Windows” because they don’t understand those things are all one Microsoft Account.

As passwords get updated, it can become a mess of crossed out records with new ones squished into the margins. When someone dies, anything written illegibly can be difficult for surviving family to discern. As the book gets filled out, it can get tricky to keep things alphabetized unless the user provisioned additional empty space between records.

This system can work great for someone who is meticulous, neat, and organized.

For your average person, I’ve had better luck solving the problem with a password manager synced to an online account that is protected by MFA and has recovery options that are also protected by MFA.

[–] pinball_wizard@lemmy.zip 2 points 12 hours ago* (last edited 12 hours ago)

I’ve had users have separate written entries for “Office”, “Skype”, “Hotmail”, and “Windows” because they don’t understand those things are all one Microsoft Account.

In fairness to them, I get a new email every month or two from Microsoft letting me know that they merged another account that I didn't ever ask them to.

[–] DJDarren@sopuli.xyz 11 points 23 hours ago

My Mum died recently and my step dad is shit with tech, so their password book was invaluable in helping us gain access to her Apple account and her phone. It meant we were able to get to her iCloud passwords, so now we have access to everything.

So yeah, password books are actually pretty handy.

[–] tarknassus@lemmy.world 5 points 22 hours ago

“People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down.

We're all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

Obscure it somehow if you want added security: write "bank" instead of the URL of your bank, transpose some of the characters, leave off your userid. This will give you a little bit of time if you lose your wallet and have to change your passwords. But even if you don't do any of this, writing down your impossible-to-memorize password is more secure than making your password easy to memorize.”

Bruce Schneier - 2005.

[–] Eezyville@sh.itjust.works 1 points 15 hours ago

The main weakness it has is from a nosey flatmate, spouse, or child in the house.

Watch out for that home grown script kiddie

[–] brot@feddit.org 7 points 1 day ago

Yeah, my in-laws have such a book and it honestly is great. They live in their own flat where nobody can access the book without breaking in. They do not save their passwords in their browser, so anyone hacking into their PC can't grab them. If they want to log in to an account, they take out their book, put in the user name and unique password and that's it. Quite the good method and I really do not see many problems there.

[–] twice_hatch@midwest.social 4 points 1 day ago

Don't forget to use diceware. The human mind is not random enough https://www.eff.org/dice

[–] hansolo@lemmy.today 2 points 23 hours ago

What this book likely doesn't suggest, is to just code the username.

I have 2FA backup codes in my go bag and nowhere do I write the usernames or even the service if it's important.

You know your email address. If you lose this in an airport, writing "main email" makes it useless to anyone else.

[–] A_norny_mousse@feddit.org -1 points 23 hours ago* (last edited 23 hours ago) (2 children)

The main weakness it has is from a nosey flatmate, spouse, or child in the house.

I disagree. Using this book will always lead to shorter passwords that are easier to type. That's the main weakness imo.

Or in other words: it really depends what the user fills it with. It should be accompanied by a little machine that spits out random passwords, I'm thinking a Rubik's-cube-shaped bling pendant at the end of the bookmark band.

[–] Coffeephilic@lemmy.cafe 1 points 26 minutes ago

a Rubik's-cube-shaped bling pendant

I'm imagining a different character on each face of each cubelet, which you would thoroughly scramble each time for a one-in-whatever-gagillion string? Am I getting that right?

[–] Telodzrum@lemmy.world 4 points 22 hours ago (1 children)

Not at all. It will lead to easier to type passwords, likely. But that doesn’t mean shorter. This could easily be filled with passwords that are four words long with special characters interspersed.

[–] A_norny_mousse@feddit.org -4 points 22 hours ago* (last edited 22 hours ago) (1 children)

Which you then have to type out every time. Laziness wins: they will be shorter.

The assumption is that the product is for non-savvy users. They might not even understand what you wrote up there.

Autocorrect can help here, but dictionary words are easily brute-forced, esp. when they're enclosed by special characters. And that hypothetical user would have to come up with that idea in the first place. But people who come up with such ideas usually already use password managers anyhow.

[–] Telodzrum@lemmy.world 1 points 18 hours ago (1 children)

Several dictionary words in series cannot be "easily brute forced."

You're out of your depth and saying stupid things.

[–] tgxn@lemmy.tgxn.net 1 points 17 hours ago

Correct horse battery staple
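
An added example, not part of any comment in this thread: the diceware procedure mentioned above (dice rolls pick each word) and the size of the resulting search space, which is what the multi-word passphrase exchange turns on. The function names, the 36-word demo list and the guess rate are assumptions made for illustration; 7776 (6^5) is the size of a five-dice word list such as the EFF large list.

```python
import math
import secrets

def roll_dice(n):
    """Roll n fair dice with the OS CSPRNG (a stand-in for physical dice)."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]

def dice_to_index(rolls):
    """Read rolls as a base-6 number: 1,1,1,1,1 -> 0 and 6,6,6,6,6 -> 7775."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError("die face must be 1..6")
        index = index * 6 + (face - 1)
    return index

def dice_per_word(list_size):
    """Dice needed to address every word; the list size must be 6**k."""
    k = round(math.log(list_size, 6))
    if k < 1 or 6 ** k != list_size:
        raise ValueError("word list size must be a power of 6")
    return k

def roll_passphrase(wordlist, n_words):
    """Pick n_words uniformly and independently, one group of rolls per word."""
    k = dice_per_word(len(wordlist))
    return [wordlist[dice_to_index(roll_dice(k))] for _ in range(n_words)]

def entropy_bits(list_size, n_words):
    """Bits of entropy when every word is chosen uniformly at random."""
    return n_words * math.log2(list_size)

def equivalent_random_chars(bits, alphabet=94):
    """Length of a random printable-ASCII password of at least the same strength."""
    return math.ceil(bits / math.log2(alphabet))

def years_to_exhaust(bits, guesses_per_second):
    """Time to try the whole space; the guess rate is the caller's assumption."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

# Constructed two-dice demo list (36 placeholder words), not a real word list.
DEMO_WORDS = [f"word{i:02d}" for i in range(36)]

if __name__ == "__main__":
    print(" ".join(roll_passphrase(DEMO_WORDS, 6)))
    for n in (4, 6):
        bits = entropy_bits(7776, n)
        # 1e12 guesses/s is an assumed offline rate against a fast hash.
        print(n, "words:", round(bits, 1), "bits,",
              equivalent_random_chars(bits), "random chars,",
              round(years_to_exhaust(bits, 1e12), 4), "years")
```

The figures hold only when the words really are chosen by dice or a CSPRNG; a phrase a person makes up has a much smaller effective search space.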