Tommy Ku's Method Stub

Reading and thinking

Write down your password and still be safe

Posted on 2014.07.15

I am going to tell you how to be safe even if you have your passwords clearly “written down”. Nobody could figure it out easily. (well, somebody might do, though, can’t weed that possibility out)

Most measures to protect password from being stolen and forgotten fall into the categories of password managers, two-steps authentications (which became increasingly important after heartbleed) and just-make-those-pass-long-and-strange.


A security affecting OpenSSL version 1.0.1 that leaves a server vulnerable to leakage of secure data such as username/password and even the private key of the SSL certificate.

However, life was easier before password. Even nowadays you can see people trying to remind themselves of the good old days by sticking a postit note on the monitor with password clearly written - this way password is meaningless and they are inviting everybody who gets to see the monitor to hack in.

My method is different. You can write the down and be safe. On my desk I wrote a post-it note: “An apple a day keeps the doctor away”. Normally when someone comes by they would just regard it as a small irrelevant note for myself. Let me tell you my password to the computer is in fact “a3d,ktdA!”.

Eh… An Apple A Day, Keeps The Doctor Away!? Yeah.

Small things that seem innocent could well remind you of the password.

You may use contact list, quotes from great people or even the order of accessories you place on your table.

Join and abbreviate them, tweak it a little bit to add numbers and symbols then you had just made yourself a easy-to-remember password.

One possible drawback is that one may lose the contact list, post-it with quotes and have those little things reordered. This is why i prefer quotes over others. Quotes can be remembered easily and every time you use password you are reminded of the old wisdoms!

Some even went so far to even omit the password and use forget password function to reset it every time logging in. As long as the cookie retains the necessity of logging in is eliminated. That would be a bad thing to do considering the possibility of your email bring hijacked.

So, throw away your password manager and change passwords. You could start with:

The computer is a moron. — Peter Drucker