The most ill conceived computer-related stocking filler on Amazon?
amazon.co.ukI would argue that this may be one of the best possible computer-related stocking fillers. Used religiously this would vastly improve the security of most users, as explained by the other posters. As well, the conversation it starts may be even more helpful. Explaining why writing down passwords is actually a good idea will go a long way towards educating people about the actual risks of passwords. Maybe you can convince somebody to use a software password manager instead and they'll use your gift for grocery lists. Either way, mission accomplished.
Writing down complex passwords is often better than using simpler ones you can remember. Especially if it reduces password reuse.
The probability of your home or work place getting burgled is probably lower than the chance of the N random websites you have passwords for getting hacked or burgled.
Agreed. Schneier made this point long ago: http://www.schneier.com/blog/archives/2005/06/write_down_you...
I adapted it to carry my passwords in my wallet: http://blog.jgc.org/2010/12/write-your-passwords-down.html
True, and furthermore, the probability of getting burgled by someone who gives a crap about your passwords is pretty much zero. There is very little overlap between the sets 'burglars' and 'identity thieves'.
More to the point, once you take the label off it's just a black bound book. How many burglars are taking boxes of books out of houses? Unless you're the owner of a rare book collection, probably very few.
A list of passwords written down is a whole lot more secure than a single really simple passwords used on each site. And if you keep the book as secure as your car keys, it's as secure as an average user is going to be.
It's more portable that software password managers, though the passwords are likely to be less secure. Then again, I keep ending up having to narrow down what characters I can and cannot use in a password after generating them, so you can't make as much use of that as you'd want. A lot of user will still just use '1234' everywhere, but for most users it might actually be pretty good.
On top of that, having a list of accounts makes it easier to cross reference them when you see a news report about a site's password database being leaked.
I don't think that is ill conceived - I would be much more comfortable giving non-technical users something like this and telling them to:
a) keep it physically safe
b) use a relatively simple, memorable cipher (e.g substitution)
c) use a different password for each site
... rather than trying to get them to use LastPass or Password Safe or the like.
A kindle version of this would probably qualify for 'most ill conceived' however ;)
The problem is that the cover is far from inconspicuous. :)
The product description says "Removable label and discreet cover design", though.
Ah ... didn't see that.
Alright. Let's take a personal inventory.
Chance of burglary: ???% Chance that one of the 1000 sites you signed up for gets hacked because they're bad at security: ???% + 1
I'd much rather buy this for my grandparents and have them use 1000 complex passwords than have them use one password for everything and have them be screwed when X Service gets hacked.
But let's be serious, this isn't going to get stolen.
If it gets stolen, you lose your identity. If you lose it, you can't get access to your life. Awesome
Not everyone's life is on the internet only.
Not sure what point you are making. This is or recording passwords and usernames. 95% of passwords will be for online services.
Every website has a way of resetting your password. You'd be fine.
Thus you negate the need for the book :-)
Then you buy two books and put one in a safe at a bank and, once in a while, you keep it in sync with the one you keep at home / on the road.
If a burglar steals it, you can run at the bank to take your 'backup list of passwords' and start changing your passwords.
If you lose it, same thing.
Then you re-create another book so that there's always one in a safe at the bank ; )
I've got a list of all my passwords, without any encryption, in a safe at the bank. They serve two purposes: in case I forget my passwords (I do write them down at home in some 'encrypted' form that is not meant to resist the NSA but that would stop 99.99999% of all the burglars on earth) or in case I die (my family would then be able to access my various online accounts).
So now you have two books that will be out of synch, which is worse than losing the book in the first place. And your book can still be stolen. Only this book will be totally up to date (which is fantastic for the thief) but the book in the safe probably won't be.
This is not inspiring in me further confidence in the methodology...
Ok it's more secure against bruteforce hackers at the other end of the world, but you'd better have nothing to hide to your wife, children and coworkers with this kind of tool.
That's actually an advantage, IMO. My wife knows the password to my password manager in case I get incapacitated. I should also put similar instructions in my will.