[Discuss] password amnesia

[tmetro+blu at gmail.com (Tom Metro)]

Richard Pieri wrote:
> It's a thought experiment. You're supposed to follow the experiment in
> your mind through to the end and draw conclusions from the results. You
> personally can remember your commonly-used passwords. Can you honestly
> and truthfully say that about every person in the world? No, you can't.

Correct. I wouldn't have gone down that path anyway, as I would find it
hard to imagine a situation where a person can't remember any passwords
at all, unless there are aging or medical considerations.


> The rules of the experiment are there to put you in the position of
> someone who can't remember their commonly used passwords, never mind the
> infrequent ones, and may have difficulty remembering or entering their
> vault password.

So what's the objective of this exercise? Are you looking for practical
answers or are you just looking for reasons to shoot down the idea of
password safes?

If you're in that situation, use a trivial password, like your own name,
to get into your password safe. (Or a null password, if the software
will let you.) If you keep the encrypted safe file on your local PC,
you're still operating with higher security than probably 80 or 90% of
non-technical users.

Some form of biometrics would be another option. Fingerprint readers
(the cheap kind built-in to laptop) may be easily defeated, but
protecting a password safe stored on a PC in a private home is again
going to be more secure that what most users end up using.

Keepass supports encrypting using both a pass phrase and optionally a
key file. It may be possible to use a key file and no password. So stick
the key file on a USB drive, and carry that around with you. Bam, no
passwords to remember. :-)

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/