Wednesday, May 25, 2005

Microsoft: It's okay to write your passwords down

The senior program manager for security policy at Microsoft, Jesper Johansson, has some pragmatic advice. He recently told attendees of an AusCERT conference that it's okay for companies to let employees write their passwords down.

"I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."

According to Johansson, use of the same password reduces overall security.

"Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it," Johansson said. "If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords."

Johansson said the security industry had been giving out the wrong advice about passwords for 20 years.

Just don't tape them to your monitor, okay?

Microsoft security guru: Jot down your passwords
