Some experts – Bruce Schneier in particular – advocate writing down passwords and keeping them somewhere safe, such as your wallet. Our Lab Blog says, ‘encrypt your passwords, then write them down and stick ’em in your wallet.’ Good advice, all that.
So now let me throw this out as food for thought: Instead of saving your passwords in your wallet, how about saving them on your phone?
Even the dumbest phone models today will probably include a Notes-type program that allows users to handily save helpful bits of information. And like wallets, phones are usually one of the most closely held personal belongings most people own.
Actually, my phone spends even more time with me than my wallet does – it’s always within reach or in my back pocket, whereas my wallet is relegated to a desk drawer in the office, where it may stay while I’m out for lunch, or in my handbag or on my desk while I potter around the house. So physically, my phone is far more secure than my wallet.
One advantage a phone has over a scrap of paper is that a phone can be password-locked for extra security; wallets can’t. There are occasions when I have friends and acquaintances handle or even look through my wallet (idle curiosity? I don’t know). I trust them not to hunt for and nick my passwords, but the possibility still remains.
Which brings me to another point – scraps of paper are incredibly mobile. That is, assuming someone’s gained physical access to my wallet, paper is easy to move from wallet to hand. Unless I check my wallet regularly and notice the paper’s absence, it’s easy to take and not so easy to miss.
With a locked phone, both accessing and stealing the saved passwords become much more troublesome. For one thing, they’d have to know your password to get into the phone – and you know all about creating strong passwords, right? And for another, having to SMS, MMS, Bluetooth, IR or otherwise extract the information out of the phone takes more time and effort, another barrier to theft.
You could even go the extra distance and save your password on a bit of paper in your wallet AND on your phone. After all, if you happen to lose both at the same time, you’ve probably got bigger problems to worry about than missing passwords.
And yes, I do save only part of my computer passwords on my phone. Now…where did I put it…