A few years back I caused quite a stir when I mentioned in passing during a presentation that writing down your password is a really good idea. A journalist in the room decided that saying so qualified me as insane, and my employer sending an insane person all the way to Australia to give a presentation was newsworthy, so he drummed it up far bigger than it really was.

I still maintain that writing your password down is the only sane thing to do. At last count, I have 114 different passwords, for different systems, and those are only the ones I actually care about and need written down. The reason I am able to have 114 different passwords is because I do write them down. Personally, I tend to use Password Safe. It is convenient, relatively secure, and the few bugs it has are mostly annoyances.

Then, a few weeks back, I received an unsolicited e-mail asking if I wanted to review a new password organizer. I, of course, said yes. Then, a few days later, this arrived:

OK, that was not what I expected. Innovention Lab had actually taken me very literally when I quipped that the Chinese invented a cure for poor memory thousands of years ago.

My first thought when I saw this was "OK, I know what I would steal first." And that is definitely the big shortcoming of the Password Organizer. It is quite clear what it is, and no password is required to read the passwords store in it.

For some, however, this may be a good way to solve the problem of password overload. I once helped a mortgage broker get started with Password Safe, and after having gone back and forth via e-mail for about a week, I was ready to give up. Password Safe has a discussion forum, with thousands of posts, most of which deal with problems using it. It is simply too complicated. The password managers that are not are not secure enough. By contrast, no user manual is required to use the book. That, I think, may be what is needed to fill a very large but unique niche. For a home user, or even a small business owner who can ensure that the book stays protected, something like the Password Organizer may be just the ticket. If the bad guy can get to the book, a lot of other security has already been breached, and you have very big problems.

Personally, I do not plan on using it. I move around too much and I do not want to have to carry the book with me. I also like to use unique randomly generated passwords. For example, the password for my bank is over 20 characters long. That may be the second very large shortcoming of the Password Organizer: it does not help me generate random passwords. After all, what that journalist failed to listen to several years ago was my claim that, as long as your password is written down, you don't have to know what it is.

Read the complete post at http://msinfluentials.com/blogs/jesper/archive/2008/02/04/write-down-your-passwords.aspx