Who still uses the traditional method of storing passwords (written down) in an actual physical safebox vs modern methods like password managers? What are the pros and cons of each method?
4 Answers
There are still people who use both options with benefits to either. One thing to keep in mind is that there are a variety of threats that are dependent on password strength rather than someone actually finding your passwords on paper.
The 'Safebox':
Let's break this down into a few traditional 'safeboxes'.
A Wallet - This method provides some security in that you (generally) take it with you everywhere and rarely lose possession of it. If you have passwords in this and your wallet gets lost or stolen, you really have to hope no one can wreak havoc with them.
Under your keyboard - Please don't do this at work; it's just a bad idea. At home, maybe, since unless you are a bank exec or notorious cyber criminal no one will target your passwords when they break into your house.
In an actual safe - Okay, now we're talking! That seems like a decent idea unless your adversary is a government or a hardened criminal.
One of the decent things about a safebox of varying types is that those passwords are very hard to steal from you. There is always the potential that your website account gets compromised because of a company's lax security or eavesdropping over unsecured or poorly secured connections.
Because of this, even if you write down passwords and use a safe, keep them unique and strong, or else if your account on one site gets compromised your accounts on other sites might also get compromised.
The Password Manager
There are several kinds of password managers each with their own set of benefits and flaws. One immense improvement over a safe is that most password managers can generate lengthy, randomized passwords that would be incredibly hard to guess. There are also differences in the sorts of digital password managers you could use.
Browser Storage - Firefox, Chrome, and many other browsers have some component of password management built in. However, these passwords are easily accessible with brief access to your machine while logged in. They are stored unencrypted, and often don't require a master password to use. Because of this, browser storage, despite being convenient, isn't the most secure.
Cloud-Based Proprietary Password Managers - There are some great companies out there and there are some awful ones. How are you really going to tell the difference if they won't show you or anyone else exactly how they operate? Maybe they store your passwords in plain text? Maybe they store them encrypted with a decryption key they have control over. Do you want to trust strangers (even reputable ones) with your bank account, personal email, and Facebook logins? No? Then don't do this. There might be decent companies using zero-knowledge systems where they couldn't look at your information or passwords if they wanted to, but I don't think those are the majority. These often cost money.
Local installations of strong password managers - Now we're talking! Programs like KeePass (and KeePassX for non-Windows computers) provide all the benefits of the above with fewer drawbacks. They are encrypted to the teeth to protect your passwords. Password database files can be stored as encrypted files in the cloud to use at any location with internet access, and you can even put the programs to open them, along with the files, securely on a USB stick without having to worry if the USB stick gets lost or stolen. If it does, the encryption should keep your passwords safe for a few billion years. These are free!
So, I'd suggest using a password manager like KeePass(x). There are also additional drawbacks to the safe options because they are a pain in the butt if you use the passwords in your safe frequently. Then you have to open and close your safe all the time. And who wants to do that?!
The Pros of a Password Manager:
Reduces the friction for maintaining unique, strong random passwords for each application that requires them.
Centralized account management in a digital form means that it's more portable, and easily backed up.
Integrated tools for creating unique, strong random passwords means that you don't have to worry about password generation.
The Cons of a Password Manager:
Vulnerable to malware. If your computer gets owned, there's a significant chance your password manager may end up owned as well, leading to a complete compromise of all accounts and credentials.
If you use a web-based password manager, you're relying on a third-party to ensure the security of your credentials, and also potentially opening yourself up to theft by remote web exploit, if there are weaknesses in the password manager's web interface. (Which research has shown there are/have been.)
The Pros of writing down and locking up your passwords:
Highly secure from theft. Generally requires a high-risk physical attack to breach.
Immune to mass credential theft by malware.
The Cons of writing down and locking up your passwords:
Introduces massive friction. It's very difficult to use a system of passwords when they are all locked up securely.
Still need a separate tool for generating unique, strong random passwords.
Difficult and expensive to back up securely, and introduces new potential for loss from physical threats such as fire and flood.
Given the pros and cons, I think it's clear that password managers are superior for general use, though the pros of written, physically secured passwords do offer significant advantages for cases that are particularly sensitive and require extraordinary controls, for instance in the examples Lucas mentioned in his answer.
Are phishing attacks a con of writing down passwords and locking them up? Or are password managers and writing them down equivalently risky for phishing attacks? – Stan Shunpike Sep 01 '19 at 21:12
@StanShunpike Generally speaking, they're equally risky. A phishing attack is a social engineering attack. It is designed to bypass technical controls, regardless of what those technical controls are, so, a phishing attack is designed to get you to enter your username and password, regardless of whether they are stored in a book, or your head, or a password manager. The solution to a phishing attack is strong MFA, like FIDO U2F. – Xander Sep 02 '19 at 21:21
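Both answers above hinge on having long random passwords: the first says a manager generates them for you, the second lists a separate generator as something the paper-and-safe user must still bring. As an added example (not code from either answer, nor from KeePass), here is what such a generator looks like in Python using the operating system CSPRNG through `secrets`, with the entropy arithmetic that makes "incredibly hard to guess" concrete, and a passphrase mode that is easier to copy by hand onto the slip that goes in the envelope. The word list and the guess rate in the demo are constructed assumptions; a real passphrase needs a full list such as the EFF's 7776-word list.

```python
import math
import secrets
import string

# Added example (not from the original answers, nor KeePass code): what a
# password manager's generator does under the hood, plus a passphrase mode
# for the "write it down and lock it up" case, which needs a separate tool.

# Printable symbols allowed in generated passwords (24 characters).
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"

# Constructed sample word list (32 words = 5 bits per word). A real list
# such as the EFF long list has 7776 entries (about 12.9 bits per word).
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "engine", "falcon", "garden", "hammer",
    "island", "jacket", "kettle", "lantern", "marble", "needle", "orange", "pepper",
    "quartz", "rocket", "saddle", "timber", "umbrella", "velvet", "walnut", "xenon",
    "yellow", "zipper", "bridge", "copper", "desert", "forest", "glacier", "harbor",
]


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of `length` symbols drawn uniformly from `alphabet_size`."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def length_for_target(alphabet_size: int, target_bits: float) -> int:
    """Smallest length whose uniform-choice entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def password_alphabet(symbols: bool = True) -> str:
    """Character set used by generate_password: 52 letters + 10 digits (+ 24 symbols)."""
    return string.ascii_letters + string.digits + (SYMBOLS if symbols else "")


def generate_password(length: int = 20, symbols: bool = True) -> str:
    """Random password from the OS CSPRNG via `secrets` (never the `random` module).

    secrets.choice selects uniformly, so there is no modulo bias and every
    character contributes log2(len(alphabet)) bits.
    """
    if length < 1:
        raise ValueError("length must be positive")
    alphabet = password_alphabet(symbols)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Random word sequence: fewer bits per character than a symbol soup,
    but far easier to copy by hand onto the slip of paper that goes in the safe."""
    if words < 1:
        raise ValueError("words must be positive")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def years_to_guess(bits: float, guesses_per_second: float) -> float:
    """Expected years to hit a uniformly random secret of `bits` entropy,
    i.e. half the keyspace, at an assumed (not measured) guess rate."""
    return (2.0 ** bits / 2.0) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    alphabet = password_alphabet()
    pw = generate_password(20)
    print(f"password:   {pw}  ({entropy_bits(len(alphabet), len(pw)):.1f} bits)")
    pp = generate_passphrase(6)
    print(f"passphrase: {pp}  ({entropy_bits(len(SAMPLE_WORDS), 6):.1f} bits, sample list only)")
    print(f"length needed for 128 bits from this alphabet: {length_for_target(len(alphabet), 128)}")
    # 1e10 guesses/s is an assumed offline rate against a stolen hash; real
    # figures depend on the hash function and the attacker's hardware.
    years = years_to_guess(entropy_bits(len(alphabet), 20), 1e10)
    print(f"20-char password at 1e10 guesses/s: about {years:.3g} years")
```

Using `random` instead of `secrets` is the classic mistake here: it is a Mersenne Twister whose state can be recovered from enough output, so the "random" passwords are predictable. `secrets.choice` also avoids the modulo bias you get from `os.urandom(1)[0] % len(alphabet)` when the alphabet size does not divide 256.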
It's often still used for sensitive, powerful accounts on systems to which even administrators only get limited access. The password is often created by the security officer and stored in a safebox which often requires more than one person to open.
The accounts are mostly not used frequently and only in case of emergency.
One advantage of the "envelope in a safe" method is that you can make use of Bruce Schneier's observation that society already has many well established and effective methods for securely storing small pieces of paper.
In particular, there is an effortless process for securely doing an off-site back up to a trusted third party, namely putting another copy of the envelope in your lawyer's safe.