Q&A with Bruce Schneier

There is a very interesting Q&A with security expert and internet meme Bruce Schneier over at the Freakonomics page. While the page is a bit lengthy it is a good read and should be read by all, particularly the less internet savvy as there is a lot to take away.

He describes a very effective way of storing and using passwords. It is a technique I have been using for years and usually recommend to family and friends.

Q: How do you remember all of your passwords?

A: I can’t. No one can; there are simply too many. But I have a few strategies. One, I choose the same password for all low-security applications. There are several Web sites where I pay for access, and I have the same password for all of them. Two, I write my passwords down. There’s this rampant myth that you shouldn’t write your passwords down. My advice is exactly the opposite. We already know how to secure small bits of paper. Write your passwords down on a small bit of paper, and put it with all of your other valuable small bits of paper: in your wallet. And three, I store my passwords in a program I designed called Password Safe. It’s is a small application — Windows only, sorry — that encrypts and secures all your passwords.

Here are two other resources: one concerning how to choose secure passwords (and how quickly passwords can be broken), and one on how lousy most passwords actually are.