
Password manager by Amazon

⁨486⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨kokesh@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://lemmy.world/pictrs/image/f1cb559f-997a-4baf-9ba1-a4e04f98e799.png

source

Comments

  • eluvatar@programming.dev ⁨1⁩ ⁨hour⁩ ago

    Still waiting for passkey support

    source
  • vk6flab@lemmy.radio ⁨1⁩ ⁨day⁩ ago

    Here’s the thing … as crazy as a notebook with passwords sounds, it’s not accessible to someone across the internet.

    source
    • 6nk06@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

      Password managers check the URL before giving its data. A human being can be fooled into giving it to a fake web site.

      source
      • MentalEdge@sopuli.xyz ⁨1⁩ ⁨day⁩ ago

        Except they can be fooled too.

        Bitwarden warns against using autofill on load for that very reason, as then simply loading a malicious page might cause it to provide passwords to such a site.

        source
    • vext01@lemmy.sdf.org ⁨1⁩ ⁨day⁩ ago

      It’s actually quite a secure way to store passwords, since it requires physical access.

      I knew a guy who had a drawer full of slips of paper with passwords written on. He called it the “security drawer”. Made me smile, but probably shouldn’t have been advertising it.

      source
      • lars@lemmy.sdf.org ⁨7⁩ ⁨hours⁩ ago

        Oh I know him. What a weirdo. Fun guy tho. Did he move? What’s his new address anyway?

        source
    • BlackPenguins@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Just maybe don’t plaster “THESE ARE MY SECRETS” on the cover. Security through obscurity.

      source
      • Cocodapuf@lemmy.world ⁨1⁩ ⁨hour⁩ ago

        My mom had a nice little notebook for passwords. But when she passed, we couldn’t find it anywhere… We went through the whole apartment, everything.

        Not having her passwords made a lot of things harder, closing her accounts, abusing her laptop, phone, etc. So while you shouldn’t advertise it, do tell a few people where to find it if they need to.

        source
      • GraniteM@lemmy.world ⁨14⁩ ⁨hours⁩ ago

        INTERNET PASSWORD LOGBOOK is probably just a paper slip that you can remove, and then it’ll just be a blank leather journal.

        Now a REALLY secure physical logbook would just have the cover of a boring, unremarkable-looking book on the outside.

        source
    • acosmichippo@lemmy.world ⁨15⁩ ⁨hours⁩ ago

      but:

      1. way less convenient to generate dozens and dozens of complex passwords. which means it’s less likely to be used/updated as much as it should be.

      2. not tied into MFA which is an additional layer of security and convenience

      source
    • A_norny_mousse@feddit.org ⁨1⁩ ⁨day⁩ ago

      It depends on what the user fills it with.

      Even the objectively safest solutions will be much shorter, and have less entropy, than what a pw-manager can deal with.

      source
    • AnUnusualRelic@lemmy.world ⁨22⁩ ⁨hours⁩ ago

      Please hold your password notebook in front of the laptop camera.

      source
    • wreckedcarzz@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Their Ring camera that points directly at the desk they keep this notebook on: “it’s showtime”

      source
  • skisnow@lemmy.ca ⁨10⁩ ⁨hours⁩ ago

    So far the combined might of the Russian, Chinese, American and North Korean hacking teams have been unable to crack the post-it note on my desk.

    source
    • Litebit@lemmy.world ⁨6⁩ ⁨hours⁩ ago

      now they know.

      source
      • skisnow@lemmy.ca ⁨3⁩ ⁨hours⁩ ago

        If they’re in my apartment I’ve already got bigger problems.

        source
  • tym@lemmy.world ⁨6⁩ ⁨hours⁩ ago

    This isn’t the flex you think it is, OP. 99% of cybercriminals are also cowards. Physical security of ANY kind beats even the best password managers.

    If you don’t know what lattice-based encryption is and how to purchase it through NordVPN, start reading up because encryption as we know it isn’t long for this world. Pretty sure they already dragged their feet too long on Bitcoin’s algorithm but the day cracking common ciphers is within the grasp of quantum clusters is the day we all become Amish. Plan accordingly!

    source
    • Cocodapuf@lemmy.world ⁨1⁩ ⁨hour⁩ ago

      My understanding is that quantum computing has been taken into account for some modern cryptography. And that memory-hard cryptography basically defeats quantum computing solutions. There are a few methods, but one of them is just very long keys, it’s trivial to make a cryptographic key longer.

      So sure, you could defeat some of that with a machine operating with 1024k entangled qubits, (which is… oh man… not an easy task), in which case, wow, congratulations. But what if I increase my key length to 100k? It might take an extra 3 seconds to check the key and log in, but it’ll take an extra 25 years for quantum computing to catch up.

      source
      • Toribor@corndog.social ⁨36⁩ ⁨minutes⁩ ago

        Won’t longer key lengths increase the overhead for everything?

        source
  • _stranger_@lemmy.world ⁨20⁩ ⁨hours⁩ ago

    Self hosted and air gapped.

    source
    • Newsteinleo@midwest.social ⁨19⁩ ⁨hours⁩ ago

      As long as the notebook is in a locked drawer I would pass this on an IT Audit.

      source
      • Patch@feddit.uk ⁨15⁩ ⁨hours⁩ ago

        Unfortunately it’s a combination lock, and the code is written on a post-it stuck on the front of the drawer.

        source
    • dangercake@feddit.uk ⁨16⁩ ⁨hours⁩ ago

      And very power efficient

      source
      • Nikelui@lemmy.world ⁨1⁩ ⁨hour⁩ ago

        The indexing and search need improvement.

        source
    • paraphrand@lemmy.world ⁨19⁩ ⁨hours⁩ ago

      Quantum proof

      source
    • finix_the_psyker@sopuli.xyz ⁨20⁩ ⁨hours⁩ ago

      Just as the Lord intended.

      source
  • appropriateghost@lemmy.ml ⁨13⁩ ⁨hours⁩ ago

    we might laugh at this but I think this is useful. Even though I wouldn’t use something like this and I’d just use a regular dedicated blank notebook and my password manager, it can be useful to people who have problems with computers and can’t handle a password manager, yet may give pages with good templates to show how to record sensitive information.

    source
    • win95@lemmy.zip ⁨1⁩ ⁨hour⁩ ago

      Exactly this is the reason why I gifted it to someone. I’m already glad they don’t use 1 password for every website.

      source
    • sugar_in_your_tea@sh.itjust.works ⁨10⁩ ⁨hours⁩ ago

      I have hundreds of logins, the convenience of a password manager is just too nice.

      source
    • techdaddyproxy@pawb.social ⁨12⁩ ⁨hours⁩ ago

      Or for folks that would be otherwise leaving logins and passwords in a clear text file on their desktop (glares at coworker). It’s still clear text, but at least it’s air gapped. It’s not for me, but it’s certainly for someone.

      source
  • dejected_warp_core@lemmy.world ⁨12⁩ ⁨hours⁩ ago

    PSA: Home use? That’s probably okay. Work use? If you’re in-office, this is a ticking time-bomb that can get you fired, one way or another. Use the company 1password or whatever you have access to, please. Thank you.

    source
    • ChaoticEntropy@feddit.uk ⁨1⁩ ⁨hour⁩ ago

      InfoSec likes nothing more than for you to tell them not to worry because you write all your passwords down and only read emails after you’ve printed them. 100% secure.

      source
    • Frostbeard@lemmy.world ⁨1⁩ ⁨hour⁩ ago

      In my office I have a list that says passwords, all nonsense and just as a decoy. I have a system that I use for rotation with a visual reminder (by association, not directly) somewhere in my office.

      source
  • 01189998819991197253@infosec.pub ⁨21⁩ ⁨hours⁩ ago

    I see no issue with this, especially for an elderly person, for example, to keep at home. The only way this will get “breached”, is if someone breaks into her home. At that point, the password book is the least of her concerns anyway. In fact, from a cyber security point of view, this is brilliant if kept in a safe place, such as a locked safety box. You can’t really remotely hack a physical book.

    source
    • jpeps@lemmy.world ⁨17⁩ ⁨hours⁩ ago

      her

      source
      • 01189998819991197253@infosec.pub ⁨16⁩ ⁨hours⁩ ago

        What?

        source
  • TheGrandNagus@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Honestly, a physical password book isn’t a bad idea.

    Not accessible via the internet, and in most cases if someone has physical access to your system you’re done for anyway.

    The main weakness it has is from a nosey flatmate, spouse, or child in the house.

    source
    • tiramichu@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

      Yep. My Dad in his late 70s uses this system and it works great for him.

      People make fun of it, but for people with low tech literacy this is actually far better than having a mish-mash of solutions where some of their logins end up automatically saved in iOS on their phone, some are saved in Chrome on the desktop, some are just in their head, they don’t know where anything is, and are constantly losing access and resetting credentials all the time.

      And it definitely reduces the burden on me of parental tech support, when it’s all in the book.

      source
    • DJDarren@sopuli.xyz ⁨1⁩ ⁨day⁩ ago

      My Mum died recently and my step dad is shit with tech, so their password book was invaluable in helping us gain access to her Apple account and her phone. It meant we were able to get to her iCloud passwords, so now we have access to everything.

      So yeah, password books are actually pretty handy.

      source
    • brot@feddit.org ⁨1⁩ ⁨day⁩ ago

      Yeah, my in-laws have such a book and it honestly is great. They live in their own flat where nobody can access the book without breaking in. They do not save their passwords in their browser, so anyone hacking into their PC can’t grab them. If they want to login into an account, they take out their book, put in the user name and unique password and that’s it. Quite the good method and I really do not see many problems there.

      source
    • tarknassus@lemmy.world ⁨23⁩ ⁨hours⁩ ago

      “People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down.

      We’re all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

      Obscure it somehow if you want added security: write “bank” instead of the URL of your bank, transpose some of the characters, leave off your userid. This will give you a little bit of time if you lose your wallet and have to change your passwords. But even if you don’t do any of this, writing down your impossible-to-memorize password is more secure than making your password easy to memorize.”

      Bruce Schneier - 2005.

      source
    • Romkslrqusz@lemmy.zip ⁨17⁩ ⁨hours⁩ ago

      For the majority of my clients who use this kind of system, it is totally dysfunctional.

      Most of the records are incorrect, my guess is that they occasionally reset the password on mobile while the book is inaccessible and then don’t remember to update it in the book later.

      Effective use relies on the user’s understanding of umbrella accounts. I’ve had users have separate written entries for “Office”, “Skype”, “Hotmail”, and “Windows” because they don’t understand those things are all one Microsoft Account.

      As passwords get updated, it can become a mess of crossed out records with new ones squished into the margins. When someone dies, anything written illegibly can be difficult for surviving family to discern. As the book gets filled out, it can get tricky to keep things alphabetized unless the user provisioned additional empty space between records.

      This system can work great for someone who is meticulous, neat, and organized.

      For your average person, I’ve had better luck solving the problem with a password manager synced to an online account that is protected by MFA and has recovery options that are also protected by MFA.

      source
      • pinball_wizard@lemmy.zip ⁨14⁩ ⁨hours⁩ ago

        I’ve had users have separate written entries for “Office”, “Skype”, “Hotmail”, and “Windows” because they don’t understand those things are all one Microsoft Account.

        In fairness to them, I get a new email every month or two from Microsoft letting them know that they merged another account that I didn’t ever ask them to.

        source
    • A_norny_mousse@feddit.org ⁨1⁩ ⁨day⁩ ago

      The main weakness it has is from a nosey flatmate, spouse, or child in the house.

      I disagree. Using this book will always lead to shorter passwords that are easier to type. That’s the main weakness imo.

      source
      • Coffeephilic@lemmy.cafe ⁨2⁩ ⁨hours⁩ ago

        a rubics-cube-shaped bling pendant

        I’m imagining a different character on each face of each cubelet, which you would thoroughly scramble each time for a one-in-whatever-gagillion string? Am I getting that right?

        source
      • Telodzrum@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Not at all. It will lead to easier to type passwords, likely. But that doesn’t mean shorter. This could easily be filled with passwords that are four words long with special characters interspersed.

        source
    • hansolo@lemmy.today ⁨1⁩ ⁨day⁩ ago

      What this book likely doesn’t suggest, is to just code the username.

      I have 2FA backup codes in my go bag and nowhere do I write the usernames or even the service if it’s important.

      You know your email address. If you lose this in an airport, writing “main email” makes it useless to anyone else.

      source
    • twice_hatch@midwest.social ⁨1⁩ ⁨day⁩ ago

      Don’t forget to use diceware. The human mind is not random enough www.eff.org/dice

      source
    • lmmarsano@lemmynsfw.com ⁨13⁩ ⁨hours⁩ ago

      The main weakness

      is it’s a pain in the ass.

      • Won’t generate strong passwords.
      • Won’t fill out login forms for me.
      • Manual, slower search and copying (worse for dyslexia).
      • Increases risk of submitting credentials to wrong site/app (especially malicious ones).
      • Increases error of mistyping credentials.
      • More effort to back up & retrieve.
      source
    • Eezyville@sh.itjust.works ⁨17⁩ ⁨hours⁩ ago

      The main weakness it has is from a nosey flatmate, spouse, or child in the house.

      Watch out for that home grown script kiddie

      source
  • angelmountain@feddit.nl ⁨23⁩ ⁨hours⁩ ago

    Still better than using the same password everywhere and/or saving passwords in an unencrypted text file on your computer somewhere.

    Just not very user friendly.

    source
    • kadup@lemmy.world ⁨20⁩ ⁨hours⁩ ago

      I’m going back to paper for most things and I don’t know man, I think it’s more user friendly given the current tech landscape. My paper notebook never changed the interface to add a huge Copilot button.

      source
      • sugar_in_your_tea@sh.itjust.works ⁨20⁩ ⁨hours⁩ ago

        Neither did my laptop, desktop, or phone. I use Linux and GrapheneOS, so I don’t deal with most of the nonsense people have been complaining about.

        source
      • Ulrich@feddit.org ⁨17⁩ ⁨hours⁩ ago

        “For most things”? Like written notes are whatever, if you don’t mind carrying it around with you everywhere you go and hoping it doesn’t rain. But definitely do not put your passwords in there…

        Modern password managers are super inexpensive, easy to use, and essential security tools. You can’t store your passkeys or TOTP in your notebook either.

        source
    • spankmonkey@lemmy.world ⁨23⁩ ⁨hours⁩ ago

      It is very user friendly, just cumbersome and slow.

      source
  • roserose56@lemmy.ca ⁨17⁩ ⁨hours⁩ ago

    KeePass, simple and easy to use! keepassxc.org

    source
  • cupcakezealot@piefed.blahaj.zone ⁨23⁩ ⁨hours⁩ ago

    this is my internet password logbook

    "sanrio spotty dotty diary"

    source
  • StrawberryPigtails@lemmy.sdf.org ⁨1⁩ ⁨day⁩ ago

    So… It’s a password book? Like, pen and paper? Not the best choice for storing passwords, but I’d be more willing to do that than trusting Amazon not to hold my passwords hostage with a digital service by them.

    source
  • ZoteTheMighty@lemmy.zip ⁨18⁩ ⁨hours⁩ ago

    xkcd.com/2176

    source
  • oppy1984@lemdro.id ⁨18⁩ ⁨hours⁩ ago

    I should get this for my dad, he recently got a new computer at best buy and the geek squad told him his files were all in the cloud and sent him home. Guess who got a call the next day because “all my passwords are in a word document in some fucking cloud”. Yeah that was a fun day spent setting up his computer while listening to his rant about the geek squad and “the fucking cloud”… thanks geek squad…

    source
  • Jankatarch@lemmy.world ⁨13⁩ ⁨hours⁩ ago

    Is it AI powered tho?

    source
  • bigbabybilly@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Oh yeah, this is for my in-laws. This is peak boomer tech right here.

    source
  • DeathByBigSad@sh.itjust.works ⁨15⁩ ⁨hours⁩ ago

    I dropped my book and now debt collectors are after me. 0/5 would not recommend.

    source
  • ansiz@lemmy.world ⁨23⁩ ⁨hours⁩ ago

    Sure, it’s a horrible idea in an open office environment but if someone wants to use this at home for all their passwords it really won’t hurt anything.

    source
  • CallMeAnAI@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Best option for non techies at home.

    source
  • flop_leash_973@lemmy.world ⁨20⁩ ⁨hours⁩ ago

    My mother uses something similar to keep track of her passwords for everything. While I prefer a password manager like Bitwarden or Keepass, I would rather her use a notebook like this over something like Google or Apple’s password managers.

    Or even worse, the same password for everything.

    source
  • BlackPenguins@lemmy.world ⁨1⁩ ⁨day⁩ ago

    That Web Addresses placement is killing me.

    source
  • logicbomb@lemmy.world ⁨1⁩ ⁨day⁩ ago

    This isn’t even weird.

    I think most security experts would recommend that you have your most important passwords written down somewhere, and then hopefully locked up in some safe or deposit box somewhere. You don’t need to buy an entire book for it, but some people like to spend money.

    If this is for your less important passwords, then for the most part, writing them down is actually better. You won’t be as tempted to reuse your banking password for your social media. And some people like writing things down. A password manager is a better solution, but lots of people aren’t as good with technology and if they even let the browser remember it, they won’t know how to retrieve it later if they want to use a different computer, for example.

    source
  • aceshigh@lemmy.world ⁨18⁩ ⁨hours⁩ ago

    That’s exactly what I use. Chances of my house getting robbed are small. Chances of yet another data breach are very high - this year my data was breached at least twice that I remember.

    source
  • NauticalNoodle@lemmy.ml ⁨10⁩ ⁨hours⁩ ago

    I had one of these I got it around 15ya but I never used it. I remember liking a particular aspect of it as if I had a specific use-case in which it would be handy but I can’t remember what that was.

    source
  • lemmyng@lemmy.ca ⁨1⁩ ⁨day⁩ ago

    I’d rather people use this than reuse the same password everywhere.

    source
  • undefined@lemmy.hogru.ch ⁨1⁩ ⁨day⁩ ago

    I would trust it more than the biometric payment method they’re pushing in Whole Foods

    source
  • LogicalDrivel@sopuli.xyz ⁨23⁩ ⁨hours⁩ ago

    I’m guilty of this. I don’t write out the passwords in plaintext though. It’s mostly just a few letters to remind me of which version of my many “master” passwords I used and then asterisks. PW0****$ kinda thing. I know it’s bad but I can’t bring myself to trust a password manager.

    source
  • A_norny_mousse@feddit.org ⁨1⁩ ⁨day⁩ ago

    My master password is physically present as a mnemonic device, but not available digitally. Anywhere.

    Beyond that I really cannot recommend this book: You need to be able & willing to type your passwords out, which means simpler and shorter passwords. I use 99 character complete random ASCII-strings by default. Try typing that in even once.

    But there’s a different, unspoken criticism here: don’t store your database on a 3rd party server, a.k.a. “The Cloud”. I use KeepassXC btw. - and my very own “cloud”.

    source
  • flemtone@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Would you trust Amazon or any huge corporation with all your login and passwords?

    source