• JigglySackles@lemmy.world
    arrow-up
    11
    ·
    15 hours ago

    Honestly, for at home personal use, it’s better than any on device password manager. It’s not hackable. Someone has to break into your home and steal it. For an office environment though…worst way to handle it after sticky notes.

  • ZILtoid1991@lemmy.world
    arrow-up
    15
    ·
    18 hours ago

    It’s actually super useful for old people, who sometimes like to “accidentally log off” and stuff.

    • Q The Misanthrope @startrek.website
      arrow-up
      3
      ·
      17 hours ago

      Or Microsoft who randomly needs to verify someone’s identity before they can log into their computer but the user doesn’t have a smart phone. So they need to call someone trusted to have them log into their email from a different computer just to get the code so the user can log into their computer.

      But that also means they didn’t have access to any saved passwords so a notebook helps.

      I really should put Linux on her machine but then I have to show her how to do that too. It’s a lose-lose so I keep it the same.

      I miss local accounts.

      • NιƙƙιDιɱҽʂ@lemmy.world
        arrow-up
        2
        ·
        16 hours ago

        You can still use local accounts with Windows 11. It’s just a bit fiddly. If you use Rufus to make your boot USB, there’s a bunch of deshitification options you can do.

  • skisnow@lemmy.ca
    arrow-up
    36
    arrow-down
    1
    ·
    1 day ago

    So far the combined might of the Russian, Chinese, American and North Korean hacking teams have been unable to crack the post-it note on my desk.

  • tym@lemmy.world
    arrow-up
    19
    arrow-down
    4
    ·
    1 day ago

    This isn’t the flex you think it is, OP. 99% of cybercriminals are also cowards. Physical security of ANY kind beats even the best password managers.

    If you don’t know what lattice-based encryption is and how to purchase it through NordVPN, start reading up because encryption as we know it isn’t long for this world. Pretty sure they already dragged their feet too long on Bitcoin’s algorithm but the day cracking common ciphers is within the grasp of quantum clusters is the day we all become Amish. Plan accordingly!

    • Cocodapuf@lemmy.world
      arrow-up
      11
      ·
      edit-2
      4 hours ago

      My understanding is that quantum computing has been taken into account for some modern cryptography. And that memory-hard cryptography basically defeats quantum computing solutions. There are a few methods, but one of them is just very long keys, it’s trivial to make a cryptographic key longer.

      So sure, you could defeat some of that with a machine operating with 1024 entangled qbits, (which is… oh man… not an easy task), in which case, wow, congratulations. But what if I increase my key length to 100k? It might take an extra 3 seconds to check the key and log in, but it’ll take an extra 25 years for quantum computing to catch up.

        • procrastitron@lemmy.world
          arrow-up
          7
          ·
          18 hours ago

          Yes and No.

          Yes, everything increases in difficulty but the increases in difficulty are asymmetrical.

          The difficulty of reversing a computation (e.g. reversing a hash or decrypting an encrypted message) grows much faster than just performing the computation (e.g. hashing a message or encrypting one).

          That’s the basis for encryption to begin with.

          It’s also why increasing the size of the problem (e.g. the size of the hash or the size of a private key) makes it harder to crack.

          The threat posed by quantum computing is that it might be feasible to reverse much larger computations than it previously was. The caveat on that, however, is that they have a hard limit of what problems they can solve based on the number of qbits they have.

          So for example, let’s say you use RSA for encryption and someone builds a 1024 qbit quantum computer. All you have to do is increase your key size so that it would require 1025 qbits to crack, and then that quantum computer wouldn’t provide an attacker any benefit at all.

          (Of course, they’d still be able to read your old messages, but that’s also a fundamental principle of cryptography; it only protects you for a period of time)

  • dejected_warp_core@lemmy.world
    arrow-up
    29
    ·
    1 day ago

    PSA: Home use? That’s probably okay. Work use? If you’re in-office, this is a ticking time-bomb that can get you fired, one way or another. Use the company 1password or whatever you have access to, please. Thank you.

    • Chaotic Entropy@feddit.uk
      arrow-up
      5
      ·
      21 hours ago

      InfoSec likes nothing more than for you to tell them not to worry because you write all your passwords down and only read emails after you’ve printed them. 100% secure.

    • Frostbeard@lemmy.world
      arrow-up
      2
      ·
      21 hours ago

      In my office I have a list that says passwords, all nonsense and just as a decoy. I have a system that I use for rotation with a visual reminder (by association, not directly) somewhere in my office.

  • appropriateghost@lemmy.ml
    arrow-up
    24
    ·
    1 day ago

    We might laugh at this but I think this is useful. Even though I wouldn’t use something like this and I’d just use a regular dedicated blank notebook and my password manager, it can be useful to people who have problems with computers and can’t handle a password manager, yet may give pages with good templates to show how to record sensitive information.

    • win95@lemmy.zip
      arrow-up
      2
      ·
      21 hours ago

      Exactly this is the reason why I gifted it to someone. I’m already glad they don’t use 1 password for every website.

    • techdaddyproxy@pawb.social
      arrow-up
      3
      ·
      1 day ago

      Or for folks that would be otherwise leaving logins and passwords in a clear text file on their desktop (glares at coworker). It’s still clear text, but at least it’s air gapped. It’s not for me, but it’s certainly for someone.

  • 𝕸𝖔𝖘𝖘@infosec.pub
    arrow-up
    43
    ·
    2 days ago

    I see no issue with this, especially for an elderly person, for example, to keep at home. The only way this will get “breached”, is if someone breaks into her home. At that point, the password book is the least of her concerns anyway. In fact, from a cyber security point of view, this is brilliant if kept in a safe place, such as a locked safety box. You can’t really remotely hack a physical book.

    • zyberteq @lemmy.world
      arrow-up
      4
      ·
      22 hours ago

      For a lot of people at 60+, writing things down is easier and safer. It will also help anyone that would need to troubleshoot or in the event of death in a very simple way.

    • Romkslrqusz@lemmy.zip
      arrow-up
      16
      arrow-down
      2
      ·
      edit-2
      2 days ago

      * for the tech inclined

      Managing sync between mobile and desktop is a bit more complicated than average consumers have the patience for (it’s really not very complicated, average consumers are just impatient)

  • Onno (VK6FLAB)@lemmy.radio
    arrow-up
    193
    arrow-down
    1
    ·
    2 days ago

    Here’s the thing … as crazy as a notebook with passwords sounds, it’s not accessible to someone across the internet.

    • 6nk06@sh.itjust.works
      arrow-up
      74
      arrow-down
      3
      ·
      2 days ago

      Password managers check the URL before giving its data. A human being can be fooled into giving it to a fake web site.

      • MentalEdge@sopuli.xyz
        arrow-up
        45
        arrow-down
        3
        ·
        edit-2
        2 days ago

        TBF, they can be fooled too.

        Bitwarden warns against using autofill on load for that very reason, as then simply loading a malicious page might cause it to provide passwords to such a site.

        And then, a human when a site doesn’t autofill, is more likely to just go “huh, weird” and do it manually.

        • Darkassassin07@lemmy.ca
          arrow-up
          18
          ·
          edit-2
          2 days ago

          You’ve always got the human element, bypassing security features; but extra little hurdles like a password manager refusing to autofill an unknown url is at least one more opportunity for the user to recognize that something’s wrong and back away.

          If you’re already used to manually typing in the auth details, you may not even notice you’re not on the site you were expecting.

        • lmmarsano@lemmynsfw.com
          arrow-up
          2
          ·
          1 day ago

          > they can be fooled too.

          Makes it harder: when I go to the wrong website, the manager simply doesn’t suggest credentials (it does not have) for it. That causes me to wonder why.

          Without a password manager, a user is never prompted to wonder. They’d simply not notice.

          • gaylord_fartmaster@lemmy.world
            arrow-up
            1
            arrow-down
            2
            ·
            1 day ago

            Someone manages to maliciously sneak username and password fields onto a site that store what is entered as soon as it’s typed. They don’t even have to be visible to the user and bitwarden will fill them in as soon as the page loads.

              • gaylord_fartmaster@lemmy.world
                arrow-up
                2
                ·
                1 day ago

                Right, “maliciously sneak”, as in they’ve either gained access to make changes to the site directly, or they’ve found a way to inject their scripts to steal creds.

                • Serinus@lemmy.world
                  arrow-up
                  3
                  ·
                  edit-2
                  1 day ago

                  And how is that any different from not having a password manager?

                  Yes, if someone hijacks a domain they can get credentials intended for that domain. A password manager doesn’t make a huge difference here, because why would they make the site look any different than normal?
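
The autofill checks argued over in the sub-thread above, as an added example that is not part of any comment and is not Bitwarden's or any other manager's code. It assumes exact-origin matching; the vault entry, the field objects and all function names are hypothetical.

```javascript
// Constructed vault entry (sample data, not real credentials).
const VAULT = [
  { origin: "https://accounts.example.com", username: "alice", password: "constructed-sample" },
];

// Reduce a URL to scheme + host + port. Parsing first means a URL such as
// "https://accounts.example.com@evil.test/" resolves to its real host.
function originOf(urlString) {
  try {
    return new URL(urlString).origin;
  } catch (err) {
    return null; // unparseable URL: never fill
  }
}

// A field counts as visible only if it is displayed and has a real size.
function isVisible(field) {
  return !field.hidden && field.width > 0 && field.height > 0;
}

// fields: [{ type, hidden, width, height }] describing the page's inputs.
// userInitiated: true when the user asked for the fill, false for fill-on-load.
function decideAutofill(pageUrl, fields, userInitiated) {
  const origin = originOf(pageUrl);
  if (origin === null || !origin.startsWith("https://")) {
    return { fill: false, reason: "not-https" };
  }
  const entry = VAULT.find((e) => e.origin === origin);
  if (!entry) return { fill: false, reason: "no-entry-for-origin" };
  if (!userInitiated) return { fill: false, reason: "needs-user-gesture" };
  const passwordFields = fields.filter((f) => f.type === "password");
  if (passwordFields.length === 0) return { fill: false, reason: "no-password-field" };
  if (passwordFields.some((f) => !isVisible(f))) {
    return { fill: false, reason: "hidden-password-field" };
  }
  return { fill: true, reason: "ok", username: entry.username };
}

// Constructed page descriptions for the cases raised in the thread.
const VISIBLE_FORM = [
  { type: "text", hidden: false, width: 200, height: 24 },
  { type: "password", hidden: false, width: 200, height: 24 },
];
const HIDDEN_FORM = [
  { type: "text", hidden: true, width: 0, height: 0 },
  { type: "password", hidden: true, width: 0, height: 0 },
];

function demo() {
  return [
    ["saved site, user clicks fill", "https://accounts.example.com/login", VISIBLE_FORM, true],
    ["lookalike host", "https://accounts.example.com.evil.test/login", VISIBLE_FORM, true],
    ["userinfo trick", "https://accounts.example.com@evil.test/", VISIBLE_FORM, true],
    ["saved site, fill on page load", "https://accounts.example.com/login", VISIBLE_FORM, false],
    ["saved site, hidden fields", "https://accounts.example.com/login", HIDDEN_FORM, true],
  ].map(([label, url, fields, gesture]) => `${label}: ${decideAutofill(url, fields, gesture).reason}`);
}

console.log(demo().join("\n"));
```

When the saved origin itself serves an attacker's script behind a normal, visible login form, every check here passes, which is the case the last comment above describes.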

    • vext01@lemmy.sdf.org
      arrow-up
      14
      ·
      edit-2
      2 days ago

      Yeah, it’s actually quite a secure way to store passwords, since it requires physical access.

      I knew a guy who had a drawer full of slips of paper with passwords written on. He called it the “security drawer”. Made me smile, but probably shouldn’t have been advertising it.

      • lars@lemmy.sdf.org
        arrow-up
        2
        ·
        1 day ago

        Oh I know him. What a weirdo. Fun guy tho. Did he move? What’s his new address anyway?

      • Cocodapuf@lemmy.world
        arrow-up
        1
        ·
        edit-2
        21 hours ago

        My mom had a nice little notebook for passwords. But when she passed, we couldn’t find it anywhere… We went through the whole apartment, everything.

        Not having her passwords made a lot of things harder, closing her accounts, accessing her laptop, phone, etc. So while you shouldn’t advertise it, do tell a few people where to find it if they need to.

      • GraniteM@lemmy.world
        arrow-up
        2
        ·
        edit-2
        1 day ago

        INTERNET PASSWORD LOGBOOK is probably a paper slip that you can remove, and then it’ll just be a blank leather journal.

        Now a REALLY secure physical logbook would just have the cover of a boring, unremarkable-looking book on the outside.

    • acosmichippo@lemmy.world
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      1 day ago

      but:

      1. way less convenient to generate dozens and dozens of unique, complex passwords. which means it’s less likely to be used/updated as much as it should be.

      2. not tied into MFA which is an additional layer of security and convenience

    • A_norny_mousse@feddit.org
      arrow-up
      5
      arrow-down
      1
      ·
      2 days ago

      It depends on what the user fills it with.

      Even the objectively safest solutions will be much shorter, and have less entropy, than what a pw-manager can deal with.

    • Midnight Wolf@lemmy.world
      arrow-up
      3
      arrow-down
      1
      ·
      2 days ago

      Their Ring camera that points directly at the desk they keep this notebook on: “it’s showtime”

  • Angel Mountain@feddit.nl
    arrow-up
    46
    ·
    2 days ago

    Still better than using the same password everywhere and/or saving passwords in an unencrypted text file on your computer somewhere.

    Just not very user friendly.

    • kadu@lemmy.world
      arrow-up
      16
      arrow-down
      1
      ·
      2 days ago

      I’m going back to paper for most things and I don’t know man, I think it’s more user friendly given the current tech landscape. My paper notebook never changed the interface to add a huge Copilot button.

      • sugar_in_your_tea@sh.itjust.works
        arrow-up
        3
        arrow-down
        1
        ·
        2 days ago

        Neither did my laptop, desktop, or phone. I use Linux and GrapheneOS, so I don’t deal with most of the nonsense people have been complaining about.

        • kadu@lemmy.world
          arrow-up
          6
          ·
          2 days ago

          > Neither did my laptop, desktop, or phone. I use Linux and GrapheneOS

          GrapheneOS is a significantly more complicated and less accessible option for most users compared to a simple paper notebook, which is the context of this post.

          But if you want to go this deep, then yes, maybe your phone using your custom OS never introduced Gemini or Copilot without your will. It is however running a Qualcomm modem firmware you can’t control and is phoning home, regardless of your GrapheneOS settings, with your GPS coordinates and other data you can’t read, at any time. Don’t worry, with tech we can always find a malicious feature that works against the user, regardless of how deep you want to dive.

          • NuclearDolphin@lemmy.ml
            arrow-up
            2
            ·
            1 day ago

            > It is however running a Qualcomm modem firmware you can’t control and is phoning home, regardless of your GrapheneOS settings, with your GPS coordinates and other data you can’t read, at any time.

            Can you expand upon this?

          • sugar_in_your_tea@sh.itjust.works
            arrow-up
            1
            ·
            1 day ago

            Sure, there are always things you can’t control in a mobile phone because modem manufacturers don’t like to give up that control (and I’m sure there are regulatory concerns as well).

            My point is that if you don’t want Gemini, Copilot or whatever, you can make choices to avoid them. Each choice has consequences, and some just reveal issues you had ignored up to that point (e.g. your modem issue).

            But why not a paper notebook? For me:

            • easy to lose/forget to pack on trips; can’t lose a cloud service
            • paper doesn’t have a good backup mechanism
            • can’t copy/paste into my devices from a paper notebook
            • I’m much less likely to use good, random passwords with a notebook

            I use Bitwarden, which gives me a lot of convenience, allows me to self-host and own my data, and encourages me to use really strong passwords.

      • Ulrich@feddit.org
        arrow-up
        1
        arrow-down
        1
        ·
        2 days ago

        “For most things”? Like written notes are whatever, if you don’t mind carrying it around with you everywhere you go and hoping it doesn’t rain. But definitely do not put your passwords in there…

        Modern password managers are super inexpensive, easy to use, and essential security tools. You can’t store your passkeys or TOTP in your notebook either.

        • kadu@lemmy.world
          arrow-up
          5
          ·
          edit-2
          2 days ago

          > if you don’t mind carrying it around with you everywhere

          I doubt the target demographic for a paper password notebook is logging into their accounts everywhere, as if that’s some common occurrence.

          > and hoping it doesn’t rain

          Ah yes, famously, before the invention of laptops universities and schools didn’t work on every single rainy day, because paper notebooks and books are impossible to keep dry. As a matter of fact, the UK never had an educational system before the digital age for this very reason, it’s so sad.

          > You can’t store your passkeys or TOTP in your notebook either.

          You shouldn’t store 2FA and recovery codes on your password manager. They offer the feature as a competitive selling point, but the entire point of having 2FA is avoiding single point of failures.

          • Ulrich@feddit.org
            arrow-up
            1
            ·
            2 days ago

            > paper notebooks and books are impossible to keep dry

            Not impossible but shit happens. Used to happen to me all the time. I used to walk/bike everywhere.

            > but the entire point of having 2FA is avoiding single point of failures.

            Your password manager is not usually the point of failure, it’s almost always the provider.

            You’re not wrong, I just can’t be arsed to manage 2 separate password managers.

            • kadu@lemmy.world
              arrow-up
              3
              ·
              edit-2
              2 days ago

              You’re not wrong either, I just think we are talking about two very different kinds of user here, and they have different levels of challenge and convenience to balance. I’m not even talking about myself: I moved everything to analog, but not my password manager - I use a password manager like yourself, a 2FA app and a physical USB key.

        • AppearanceBoring9229@sh.itjust.works
          arrow-up
          1
          ·
          1 day ago

          > and hoping it doesn’t rain

          Some papers resist water and are not crazy expensive. If it’s a notebook you are going to carry everywhere I guess it could be a good buy.

    • snooggums@lemmy.world
      arrow-up
      5
      ·
      edit-2
      2 days ago

      It is very user friendly, at least for reliability and security if you keep it in a safe location. It is cumbersome and slow.

  • oppy1984@lemdro.id
    arrow-up
    21
    ·
    2 days ago

    I should get this for my dad, he recently got a new computer at Best Buy and the Geek Squad told him his files were all in the cloud and sent him home. Guess who got a call the next day because “all my passwords are in a word document in some fucking cloud”. Yeah that was a fun day spent setting up his computer while listening to his rant about the Geek Squad and “the fucking cloud”… thanks Geek Squad…

    • HoopyFrood@lemmy.zip
      arrow-up
      4
      ·
      1 day ago

      As a software engineer who values humanity and has done a good bit of work with “the cloud”, I think your dad has the right set of feelings towards the cloud. That fucking cloud can go get bent.

      • oppy1984@lemdro.id
        arrow-up
        2
        ·
        19 hours ago

        Oh I agree but it would be nice if he’d have listened to me years ago and started using a password manager at least. I know he’ll never go full self hosting, but come on at least use Bitwarden!