For many, many years, you've heard the advice: "Never write your password down." This is trumpeted at work, by online services, and by financial institutions. Well, it's wrong. Not in every case, but in many. It encourages people to pick weaker passwords, either in complexity or in length, because they have to remember them.
If you've adopted a password-management app like 1Password or LastPass, you shouldn't need to write anything down, of course: your devices retain and optionally sync passwords and other secure data, and you have to remember a single piece of information, namely your master password. But what if you forget that? We are all imperfect, and sometimes our brains work against us.
This misconception, which may seem intuitively right to us, stems from the use of passwords in work and academic environments long before individuals regularly needed to use passwords elsewhere, particularly complex ones, because of the risk of remote, network-based exploits.
Sticky notes are our last line of defense
In a place where you can't be sure that other people don't have access to your stuff, writing a password down is reckless. Putting it on a sticky note on your monitor is even more so, particularly if you're in an office where visitors or even random people may be able to wander by. Security may check that nobody leaves with paperwork, but it can't wave a metal-detector wand over someone's mind.
And if your workplace says not to write passwords down, either it or you could have liability associated with a security breach. How many times recently have we heard of laptops being lost or stolen, protected with a bad password or none at all? (You can't write down a password if it doesn't exist, of course.)
But here's the thing: That's work! It's their problem (and yours) to manage passwords there. At home, your password-access-control concerns are vastly different. Do you live alone? If you live with others, are you concerned about them having access to your passwords? If so, do you worry they will rifle through your things to find them?
The greatest risk most home users face is the vast, seething pool of criminals, vandals (those in it for lulz), governments, and random opportunists. These risks come from remote access and, typically, exploits. This can be a gigantic password leak that reveals millions of account secrets. Or it can be a software failure, whether in apps residing on your computer or in cloud services, that permits recovering passwords or testing millions of common ones without being locked out.
The risk is rarely someone gaining physical access to your home, figuring out where you store the passwords, and either copying down, photographing, or running off with the list or notebook.
Now, if you're in shared housing, part of a family, or routinely have strangers passing through your home, you'll want to take extra measures. This can include, as security guru Bruce Schneier suggested back in 2005:
"I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet."
As long as you don't include service or website names with those passwords, the passwords on their own are worthless in most cases if that piece of paper were lost. It's only valuable to people who might already have access to your computers or other devices.
Techniques for variation
If you're writing down passwords, simplicity helps, but you don't have to be less secure when you pick something memorable and easy to write out and also to type in. The most commonly used type are so-called Diceware passphrases, which combine randomness with a modest dictionary, available in many languages. It may seem counter-intuitive to use words found in a dictionary, but a random combination of multiple words can't be hit with brute force, even when all the words are known: what matters is the number of words and the size of the list they were drawn from, not whether an attacker has the list.
These work wherever you can enter long passphrases and aren't limited by outdated and inaccurate notions of safety through complexity. (One enterprising tween, the daughter of a privacy journalist, set up her own artisanal Diceware business.)
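To make the "dictionary words can still be strong" point concrete, here is an added example (not code from the article) of how Diceware selection and its entropy work. Real Diceware lists have 7776 words indexed by five dice rolls; the 36-word list below is a constructed stand-in indexed by two rolls, and the `years_to_exhaust` guess rate is an assumed figure, not a measurement.

```python
import math
import secrets

# Constructed stand-in word list: 36 entries so that two dice rolls (6 * 6)
# index it exactly. A real Diceware list has 7776 words (five dice, 6 ** 5).
WORDS = [
    "apple", "brick", "cloud", "delta", "eagle", "flint",
    "grape", "honey", "igloo", "jelly", "kayak", "lemon",
    "mango", "noble", "ocean", "piano", "quilt", "river",
    "salad", "tiger", "umbra", "vivid", "wheat", "xenon",
    "yacht", "zebra", "amber", "bison", "cedar", "dune",
    "ember", "fjord", "glade", "haven", "ivory", "juniper",
]


def dice_per_word(list_size):
    """Number of six-sided dice needed to index a list of exactly 6**k words."""
    k = round(math.log(list_size, 6))
    if 6 ** k != list_size:
        raise ValueError("word list size must be a power of six")
    return k


def roll_index(k):
    """Roll k dice with a CSPRNG and map the rolls to an index in [0, 6**k).

    Each roll contributes one base-6 digit; secrets.randbelow is used rather
    than random.randint because passphrase choice must be unpredictable.
    """
    index = 0
    for _ in range(k):
        index = index * 6 + secrets.randbelow(6)  # one roll: 0..5
    return index


def diceware(n_words, words=WORDS):
    """Build a passphrase of n_words words chosen uniformly from the list."""
    k = dice_per_word(len(words))
    return " ".join(words[roll_index(k)] for _ in range(n_words))


def entropy_bits(n_words, list_size):
    """Entropy of an n-word passphrase drawn uniformly from list_size words.

    This is the figure that matters even when the attacker has the word list:
    each word contributes log2(list_size) bits regardless of how common it is.
    """
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every passphrase at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("sample (toy list):", diceware(6))
    print("6 words from 36:   %.1f bits" % entropy_bits(6, 36))
    print("6 words from 7776: %.1f bits" % entropy_bits(6, 7776))
    # Assumed rate of 10**12 guesses/s, far above what a leaked-hash attack
    # on a slow password hash achieves, still gives thousands of years.
    print("years at 1e12 guesses/s: %.0f" % years_to_exhaust(entropy_bits(6, 7776), 1e12))
```

The toy list is deliberately too small to be safe (six words from 36 is only about 31 bits); with a real 7776-word list, six words give roughly 77.5 bits, which is the figure to compare against attacker capability.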
When you're more restricted in what you may pick, you may turn to password-pattern systems, which are available as pre-printed cards and as apps. Rather than storing the full password, these systems help you generate a stub that you then extend with a rule you keep in your head. The rule can't be guessed, and has enough variation in it to produce a password that's highly resistant to brute-force cracking over very long periods of computationally intensive attempts.
You can even find actual wallet cards, like Qwertycards, which print unique variants for each customer, or use an app like Password Chef, recently reviewed at Macworld.
Even better, write down a password (something you know) and enable two-factor authentication (something you have or are). That second factor can be generated by an app, sent as a text message, or produced in a service's own software, or you may use Touch ID or other biometrics to validate your identity. Someone stealing all your two-factor-protected written-down passwords still can't access your accounts without the second factor, all of which will likely reside in your phone. (Amazon just gave its two-factor system to all customers. I recommend you enable it.)
I surveyed coworkers at one tech-oriented outlet for which I edit about their password habits, and there was a clear and surprising split between password-management ecosystems and simply writing things down. The incentive of writing down passwords? You can leave information for friends, partners, spouses, family, and colleagues in the event you're disabled, or worse. A mind is a permanently locked room when the key is lost, unlike a piece of paper.