Schneier, author of “Applied Cryptography” and “Beyond Fear,” a book about personal safety in the digital age, echoed the recent suggestion by Microsoft security chief Jesper Johansson that keeping a written record of passwords allows users to maintain the complexity required to keep hackers from guessing oft-used or too-simple login information.
“People can no longer remember passwords good enough to reliably defend against dictionary attacks,” Schneier wrote in his newsletter, Crypto-Gram. “[Users] are much more secure if they choose a password too complicated to remember and then write it down.”
Schneier recommends keeping passwords in places previously frowned upon, such as one’s wallet, but obfuscating key elements, for example by transposing letters or swapping the descriptions next to each password, to foil would-be thieves.
These recommendations come on the heels of Schneier’s rejection of “two-factor” authentication, a security feature that has been around since the 1980s but that is gaining ground due to its use by America Online and some banks.
Two-factor authentication is being marketed as a fail-proof security system, Schneier said, but it protects only against certain types of attacks.
Like writing down passwords, Schneier said, keeping authentication simple and smart might be better than making complex systems that fail big when they are finally compromised.