Comment On Mixed Messages

Write down your password, memorize it, and then eat it.

Finally got first... dangit.

Make sure nobody knows your password, not even you. You can't trust yourself to keep your password secret, can you?

Maybe they meant it as a parallel construction like: don't make it simple and (don't) always write it down in a safe place.
So I guess that means you should either periodically refrain from writing it down, or just write it down somewhere everyone has access to. Seems like sound advice to me.

They are obviously proponents of quantum security - they want you to be in the superposition of both writing your password down and not writing it down. You'll only know which it is when you check to see if you did actually write it down or not (so don't do that!) ;-)

Write it on a 'post it' and stick it to the side of your screen like everyone else.

If it's the password for a really secure system, write it on the back of the 'post it' so you can't see it whilst sitting at your desk.

CAPTCHA: smile, (I am, it's 35 mins till pub time on a friday!)

Schroedinger's password??

send a friend into a room and ask them to either write down a password or not.

never let your friend out of the room and never ask them through the door if they have done (or not done) it.

seems perfectly reasonable to me.

CAPTCHA:- tastey (mmmmmm Schroedinger's cat food?)

You know, I never got passwords sometimes. Our ITS put a password on a public computer and then wrote it on a sticky and put it next to it so people could log in. That's security!

I ALWAYS write down my password in a safe place, and I NEVER write down my password! Jeez, it's not rocket science!

captcha: paint. like ms paint?

tsrblke:

You know, I never got passwords sometimes. Our ITS put a password on a public computer and then wrote it on a sticky and put it next to it so people could log in. That's security!

Actually it can make sense. There are (have been) exploits for Windows where you can get access to a computer that's not password protected

Always write your password down and save it, but never keep a copy of your password anywhere.

If you've written your password, certainly don't write it again.

But you need to write down your password, especially if you haven't already, but be sure not to write down your password.

Your password should only be memorized, and not written down.

Here's a tip: Write down your password.

This is about security. You should encrypt your password with a random 1024-bit key, and write the encrypted password on a Post-It. You should memorize the random key, and never write it down anywhere.

Maybe they're trying to do a little CYA. If you forget your password because you didn't write it down, then they can point to the first message, and if your security is compromised by writing the password down, they can point to the second.

As with all other problems in society, I blame lawyers. ;)

Make sure that you haven't failed to ensure that you've never succeeded in forgetting to remember not to refrain from omitting the step of not not not not not not not not not not writing not down what not is not your not password, which you should never not keep not written not down in a not unsecure non-place.

I never write down passwords.

I always create a write-up of my password list.

Can I post my password here? Whenever I can't remember it, I'll check the cached page from Google.
Much better and secure than write down in a Post-it!
;-))

Of course what you all should be doing is writing your password in a word processor, printing it, putting it on a wooden table, taking a photo of that, scanning it, then printing the result and sticking that to your monitor...

Even if someone claiming to be from computer support or a vendor asks for any password and I'm sure they are who they say they are they still aren't getting it. If I can't use my password for whatever reason (like logging in) no amount of register hits will make the non-working password suddenly work. Therefore they don't need it.

Give him the stick!
NO DON'T GIVE HIM THE STICK!

(who gets that reference?)

Will:

Make sure that you haven't failed to ensure that you've never succeeded in forgetting to remember not to refrain from omitting the step of not not not not not not not not not not writing not down what not is not your not password, which you should never not keep not written not down in a not unsecure non-place.

Thank you Mr. Rimmer! ;)

They should have added, "Also, make sure your password isn't actually 'password'"

they forgot the parentheses, it should read "do NOT (make your password too simple AND write down in safe place)."

User/Password = demo/demo
http://demo.cpanel.net:2082/frontend/x3/passwd/index.html

If you click Help at the bottom of that page (though it's hard to see; dark text on a dark background), it tells you about strong and weak passwords.

"3men" is weak because it's a "dictionary word".

I wonder what it means?

My password is the same as Dark Helmet's...

1-2-3-4-5

bstorer:

Maybe they meant it as a parallel construction like: don't make it simple and (don't) always write it down in a safe place.

You're on the right track: IFF you don't make it simple don't write it down in a safe place.....but if you make it simple then sure, write it down in a safe place.

But what's "safe"? Proof against flood? Perhaps your blog is a safe place?

1. create secondary account on your computer
2. let it reboot the computer the second it starts via a profile script or what not.
3. write THAT password down on a post-it

MX5Ringer:

Write it on a 'post it' and stick it to the side of your screen like everyone else.

If it's the password for a really secure system, write it on the back of the 'post it' so you can't see it whilst sitting at your desk.

That's terrible advice! Everyone knows that the Post-its with the really secret passwords should be stuck to the underside of the keyboard at your desk, because no one would ever think of looking there!

mkb:

Give him the stick!
NO DON'T GIVE HIM THE STICK!

(who gets that reference?)

Do you know my dad?

Reaver:

Thank you Mr. Rimmer! ;)

Space Corps Directives 18764 through 234254582348334-G explain the password storage guidelines quite clearly.

"love", "sex", "god" - why should I ever write down my passwords? :-)

I always write down my password on the backside of a mobius strip.

Write down somebody else's password.

You want a secure password? Here's how:

1. Open up 10 windows at random
2. Hit print-screen (or *nix equivalent)
3. Calculate random x-y point on screen
4. Calculate random number (n) in range: 6..13
5. Take ASCII equivalent of n bytes from x-y index into screen dump
6. Convert to md5 hash
7. Use the hash itself as the password of the day
8. Carefully write the hash down on a Post-It
9. Put the Post-It on the computer NEXT TO yours
Voila!

For extra security, take picture of Post-It on computer on wooden table...

tsrblke:

Our ITS put a password on a public computer and then wrote it on a sticky and put it next to it so people could log in. That's security!

At MIT the root password was widely published so that people wouldn't waste their time breaking in. Security was handled in depth instead.

I can still remember it.

Why not just engrave the password into the plastic bevel around the monitor? Then you could get a new monitor every 90 days (or whatever your password rotation interval is)

gumby:

tsrblke:

Our ITS put a password on a public computer and then wrote it on a sticky and put it next to it so people could log in. That's security!

At MIT the root password was widely published so that people wouldn't waste their time breaking in. Security was handled in depth instead.

I can still remember it.

Are you going to share it with us?

Get that kid off my ice you little wankers!

Jon:

Of course what you all should be doing is writing your password in a word processor, printing it, putting it on a wooden table, taking a photo of that, scanning it, then printing the result and sticking that to your monitor...

Congratulations.

You finally killed that fucking joke.

codemoose:

I always write down my password on the backside of a mobius strip.

Lol, I woke up my neighbours from laughing so hard :D

When the previous Visual SourceSafe admin left the company, I took over that role by default. He gave me one of his business cards, with the SS admin username and password written on the back of it. That card sat right on my desk for years. But I kept it face up, so the password was always hidden. :-)

1-2-3-4-5?? That's the combination to my briefcase!

Reversing the numbers is Not A Good Idea. Pay attention, this is actual rocket scientist lore. 5-4-3-2-1 is often followed by a very loud explosion with lots of smoke and flame and bits of rocket flung in all directions. You don't need to write anything down. Your password will be recorded by launch-pad telemetry.

p.s. A blockhouse with thick concrete walls is advised.

Captcha: doom

and.. "Don't run with scissors!"

This is merely an error in copy editing. Big deal.

I've worked on many a document where I've gone over it dozens of times and not spotted an error until I've printed out the darned thing, when, of course, it fairly leaps off the page.

Just this morning I spotted an error on one of our web pages where the word "database" was incorrectly spelled "deatabase". In the logo! I have no idea how many pairs of eyes viewed and reviewed that before it went up on line.

Human perception is a very strange thing. We miss seeing things and often see things which aren't there. Anyone who has spent any time at all studying human factors can probably tell dozens of stories about seeing is not believing.

MrBester:

Even if someone claiming to be from computer support or a vendor asks for any password and I'm sure they are who they say they are they still aren't getting it. If I can't use my password for whatever reason (like logging in) no amount of register hits will make the non-working password suddenly work. Therefore they don't need it.

NO NO NO! Whenever anyone calls claiming to be from IT Support or the Help Desk you should ALWAYS give them your password. Plus if they need it, your Social Security number and routing number for your bank account. They need all that to reset your account.

I just got a call yesterday and they were very helpful.

Steve:

This is merely an error in copy editing. Big deal.
..snip

Yes but thats what makes it funny. If people fixed all the mistakes, I would not enjoy watching Leno on Monday nights when they show all the headlines.

Steve:

This is merely an error in copy editing. Big deal.

I've worked on many a document where I've gone over it dozens of times and not spotted an error until I've printed out the darned thing, when, of course, it fairly leaps off the page.

Just this morning I spotted an error on one of our web pages where the word "database" was incorrectly spelled "deatabase". In the logo! I have no idea how many pairs of eyes viewed and reviewed that before it went up on line.

Human perception is a very strange thing. We miss seeing things and often see things which aren't there. Anyone who has spent any time at all studying human factors can probably tell dozens of stories about seeing is not believing.

A long time ago I was taught to avoid stuff like that by reading your material backwards. Since you don't have context, you can't read what you meant; you only read what you wrote. It takes a while to get used to, but it really works!

I write my passwords on a Post-It - backwards, and then leave it plain view. The security folks do a sweep every now and then looking for these kinds of things, but when I show them that they're not passwords for anything at work, they leave me be. Of course, it drives my coworkers nuts when they try to get into my PC and the "passwords" don't work...

Hmmmm: captcha: craaazy - yes, they think I am!

A coworker of mine took a blank NY Times Sunday crossword puzzle, and filled in some of the blanks with the passwords he uses, and the rest with unrelated words. He has it tacked to the bulletin board next to his monitor, and doesn't know that I figured out what he uses it for.

Muhahahaha!

declare @newpass varchar(50)

set @newpass = newid()

exec sp_password @loginname = 'user_I_hate', @new = @newpass

print @newpass

Yep. I reset your password alright. It is 'AE671917-1C1F-4768-9AC6-C4F0EC45E5AD'....no wait, it is 'D30403F6-4B77-449A-AC72-EF7BB81A3E6B'....no....

                              ___-----------___

                        __--~~                 ~~--__

                    _-~~                             ~~-_

                 _-~                                     ~-_

                /                                           \

               |                                             |

              |                                               |

              |                                               |

             |                                                 |

             |                                                 |

             |                                                 |

              |                                               |

              |  |    _-------_               _-------_    |  |

              |  |  /~         ~\           /~         ~\  |  |

               ||  |             |         |             |  ||

               || |               |       |               | ||

               || |              |         |              | ||

               |   \_           /           \           _/   |

              |      ~~--_____-~    /~V~\    ~-_____--~~      |

              |                    |     |                    |

             |                    |       |                    |

             |                    |  /^\  |                    |

              |                    ~~   ~~                    |

               \_         _                       _         _/

                 ~--____-~ ~\                   /~ ~-____--~

                      \     /\                 /\     /

                       \    | ( ,           , ) |    /

                        |   | (~(__(  |  )__)~) |   |

                         |   \/ (  (~~|~~)  ) \/   |

                          |   |  [ [  |  ] ]  /   |

                           |                     |         

                            \                   /

                             ~-_             _-~

                                ~--___-___--~