Security Corner

Oct 20 2012   10:22PM GMT

Distributed passwords: A simple security precaution that works

Ken Harthun Ken Harthun Profile: Ken Harthun

Everyone of us has one: A user who has a “book” of passwords sitting in plain view at their workstation. This person absolutely insists on keeping passwords written down in longhand and refuses to use any type of password manager software. Yes, the book is usually closed and it’s not obviously labeled Passwords! in 72 pt. Arial Bold, but this means little in the way of true security. Any determined person could sneak in and look around. It’s a bad idea. Keeping the password list in your wallet is significantly more secure, but if you have a large list of passwords, this can be cumbersome. There is, however, one simple security precaution that works for those persons who insist on having a written list: Distributed passwords.

Distributed passwords derive from Public-key cryptography where there are two keys, one private, one public. Applying this principle to the password book, one simply splits the passwords into two sets of characters, writes one set down in the “public” book that remains visible and writes the other set down in a “private” book that is kept secret (perhaps by locking it up when not in use). This is extremely simple to implement and results in a much greater level of security. Here’s how:

Book 1                Book 2
Bank: 1234            Bank: 5678
Credit: 9876          Credit: 5432

You get the idea. The bank password is 12345678 and the Credit password is 98765432

This could be implemented with stored notes or spreadsheets as well, but if you are going to go through the effort of typing them and storing them securely, you may as well just use a password manager like KeePass or my favorite, LastPass.

In a future post, I’ll apply this principle to password succession in estate planning. Stay tuned.

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: