How-To Geek

“Confidential” User Name and Password Handbook [Humorous Image]

One lost little book is all it takes…

What are the worst password practices or situations that you have encountered? Make sure to share your stories in the comments!

As confidential as it gets [Reddit Tech Support Gore]

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 01/9/13

Comments (15)

  1. Cracker Jacks

    I’m sure some people may find this funny. It’s almost like writing “TNT” on road flares or having your computer do a “countdown until detonation…” for the amusement of the TSA when going through airport security (I dare you!).

    But have you tried to get most any average user to remember even ONE password? And even if you do, how easy do you think it is to crack?!

    Writing it down may be a good idea for SOME people. Having a book like that may actually be a smart thing to do. Again, for SOME people! And if you’re one of them then obviously you better beware of WHERE you leave it. Hopefully, it’s locked up or hidden when not needed.

    With that said, I think what would really be funny is if those books were already filled out!

  2. tony

    I’ve seen a similar item at Meijer’s. The funniest thing about this particular one is that it means someone would pay $5 to do what they could do with a $1 notebook that isn’t pre-labeled.

  3. Jedidath

    With the proliferation of websites that require you to create an account before you can view their content, this isn’t as idiotic as it may seem at first glance.

    I’ve used a plain old address book for years. The trick is to never write anything down that someone else can easily interpret.

    I have a couple dozen usernames and a couple dozen passwords that I use in varying combinations. My note in my address book consists of the first 2-3 letters/numbers of each.

  4. dragonbite

    I have a “black book” at home for all of our accounts and their passwords. The advantage being that you must have physical access to the book (knowing where it is and what it is) to utilize it.

    It may also be a good idea to store the login information in an encrypted file as a backup, just in case.

    The alternative is to use the same password for ALL of our accounts so we only have to remember one.

    Question is, which is worse?

  5. Mark

    Of course it has been stated for years that it is better to use different usernames/passwords on each site so that only the hacked site is compromised if your username/password is discovered somewhere.

    But we all know no one does this as who can remember so many passwords.

    So the current thinking in security circles is that it is better that the user writes the various username/password down somewhere and stores it securely at home or in the office. It is considered less likely that a thief would break in to a house and look specifically for a password log book – they are too busy taking the camera, DVD player, jewelry etc…

    Although, if a thief saw a book marked like the photo, then he is sure to take that too!

  6. Larry Z

    The worst password practice is to leave a list of passwords and log in information on your laptop marked “PASSWORD FILE.” A surprising number of people actually do that. The most convenient method of generating a quick almost unbreakable password is to simply pull a dollar bill out of your pocket and use the serial number as your password. Just remember not to spend the dollar.

  7. freakyfingers

    I use a TXT file with logins and passwords, which I compress in a RAR file with a weird name and encrypted with my common password, then I change the name and extension of the file to something like syswapmem.sys and save it on Root directory.

  8. perl

    Better yet, get the password book, fill it with bogus passwords, and leave it out as a decoy.

  9. Dan

    @freakyfingers – you should try KeePass! It uses an encrypted file to store your passwords with 1 master password.

    @Cracker Jacks – completely agree. A book with a list of passwords isn’t going to help that generic Chinese/Russian hacker that has a trojan on your computer (unless you have a webcam pointing at it…) and for some users, they will just use the same password for everything. These are the same users that you force to change their password each month, so they just have a number on the end that corresponds with the month, e.g. Password1 in Jan becomes Password2 in Feb.

    As for the worst password practices I have seen… I have seen countless companies that use a standard password when staff start, but never change it for most of their users – so any user can log onto any other computer with the same simple password.

    I even looked after a company once that had 1 password, that all their users used, and it was even the password for their server!! I told them it was a security risk, but it went in one ear out the other. Anyway – they had a new user start, and, because they were short of computers, they gave them the CEO’s computer to use, and logged them in AS THE CEO user (it was the last user to login after all), then said it was my fault because they had access to the CEO’s files!!!

  10. MIchael

    Well, I for one keep a little black book, one offered by At-a-glance. There is no indication on the outside as to what is being kept in the book, and because of its size would most likely be overlooked.

    It would be nice if all web sites could agree as to how to construct a password, but they don’t and some go to extreme lengths to be pains in the rear when it comes to choosing a password. Upper/Lower Case, Special symbols, numbers, and worst of all, “it can not represent any known word in any language”. Thank you all so very much. The latest was a bank site which decided that not only did they require a complex password but required you to change it once a week. And of course admonished you never to write it down or to tell anyone what it is. That’s great if you drop dead, and your spouse can get at the bank records.

    Sorry all of you security people, I will keep my little book, and try to navigate your complex rules. Yes, I realize I might be taking a chance, but better that than throwing my computer out the window in frustration.

  11. Ms Hanson

    @Dan, a bazillion years ago, I nearly “flunked” orientation at an outfit that hauled truckloads of beef across the states, because I laughed out loud (yes I did!) when they handed out keyed-alike padlocks to new drivers. And they actually didn’t understand what was wrong with this scenario. Told me I had a bad attitude… I suppose they work for TSA now…

  12. Wayne Osteen

    ROBOFORM for the win!

  13. OJMDC

    I keep work related passwords, cypherlocks codes, etc. on 3×5 cards that I take to and from work on a daily basis. I also keep personal accounts and passwords on 3×5s. There is no way I can remember all of the work account usernames and passwords along with personal accounts and usernames and passwords.

    I personally don’t think it’s a good idea to store usernames and passwords on a separate electronic device such as cell phone, because that could die and then I would be completely lost.

  14. franck

    I use Dashlane; it seems to have no problems for the moment. I still have a bit of a trust issue with it, but that’s just me. I also like the fact that if you lose your master password you can’t access it in any way; the only way to reset the account is to destroy all your info.

  15. PeeDadDee

    Most of you are not understanding the “pun” in this at all…..

    The notebook says ON THE COVER, “A Confidential Handbook to keep all your USERNAMES, PASSWORDS and WEBSITES” …… the part everyone is missing or just doesn’t comprehend the pun.

    And NO!…. it is NEVER even a slightly good idea to write them down on paper AT ANY TIME!

    Now to the response that TG wanted…

    I have seen many places that end users write passwords down at. By far the most idiotic place is post-it note on the monitor.

    However, I did see one end-user that had a rather decent “hiding” spot for her written passwords. It was hidden under the lid to the printer and was written backwards.
