
This is Signal vs. Noise, a weblog by 37signals about design, business, experience, simplicity, the web, culture, and more. Established 1999 in Chicago. Follow us on Twitter for more information on our products.

Worst Secret Keeper Ever Sarah May 01 2008

My passwords are so confidential I’m going to write them down on this notepad that says TOP SECRET PASSWORDS. I mean it – these passwords need to be kept SECURE and PRIVATE, so I’m going to WRITE THEM DOWN and label them “My Passwords for all my things that are online.” That will be the best way to keep them safe.

dumb idea

Seriously, don’t buy this.


33 comments so far

Bret 01 May 08

Are you more likely to use a harder-to-crack password if you write it down?

Writing down passwords is not that unreasonable of an idea.

SH 01 May 08

It’s unreasonable to put TOP SECRET PASSWORD on the piece of paper you write your PASSWORDS down on.

Anonymous Coward 01 May 08

Uh, it’s a joke. ThinkGeek makes clear it’s a joke.

SY 01 May 08

Clearly it’s humour – as a cursory look at the other items further down the page would have confirmed?

Very average post compared to the last entry…

Joe 01 May 08

That is clearly a joke product. Like this one.

ceejayoz 01 May 08

Uh…

Ok, who are we kidding – if you list your passwords on this, you deserve to have your identity stolen. But it is funny as heck, and that’s why we’re offering them to you. For the heck.

Tom G. 01 May 08

Hmm… There should be a web site that does this somewhere…

Anonymous Coward 01 May 08

UH…We get the fact that it’s a joke, people. The post is relating that information to you clearly. If you think your sense of humor is so sharp that it can pick up on the subtleties of comedy, perhaps you should read the post again. People need to lighten up and have some fun once in a while.

Kevin 01 May 08

On a more serious note: If you’re on a Mac and looking for a way to securely manage passwords, check out 1Password. I just installed it a couple weeks ago and don’t know how I ever lived without it.

Paul Hart 02 May 08

+1 to Bret’s link to the Schneier article above. It’s far better to use passwords that are impossible to remember and write those down somewhere safe than it is to have one or two passwords you can remember and use them everywhere. You may not want to include all the pertinent details that the form has, but the base suggestion is good.

Hans 02 May 08

While obviously meant as a joke, in all seriousness, I might trust this tablet (hidden in a safe or locked desk drawer at home) more so than an encrypted password file on my computer. One is potentially accessible only to physical intruders. The other is potentially accessible worldwide. Wonder what the odds of each happening really are.

Brendan 02 May 08

Someone needs to get out more, perhaps go watch comedy hour at their local, so they can recognise it in future.

I’d love to get a stack of these – they’d make great conversation pieces.

And please make sure Sarah doesn’t visit the rest of the TG site, there is so much news-worthy (zOMG!) comedy gold there I’m not sure we can take it.

andrew 02 May 08

True story: a colleague at a major financial institution phones the help desk for a password reset. We’re obliged to use the intranet about once every six months for compliance training, so of course we forget our passwords. The nice lady on the help desk asked him, “But don’t you write your password down somewhere?” He was speechless.

Brendan 02 May 08

He was speechless.

If only he had “the pad”. It would have all been ok then.

qwerty 02 May 08

I can recommend online password manager Passpack. It’s not as stupid as it sounds: all data is en- and decrypted in the browser and only encrypted data goes over the wire and is stored on the server. If you trust the client-side encryption (whose code you could inspect), this is safe. Passpack also has good usability.

MZ 02 May 08

@qwerty – You can trust client-side encryption but it’s not unreasonable to believe that there is a bigger possibility of someone compromising the Passpack server(s) than your home machine. In that case the intruder might get his hands on a ton of passwords. And there’s always the problem with a disgruntled employee that can access the passwords and wreak havoc for everyone. I don’t feel comfortable giving them to an online service, something like 1Password will do :)

Justin Knoll 02 May 08

@MZ: The whole point of client-side encryption is that if someone compromises the Passpack server, they won’t get their hands on a ton of passwords, they’ll get their hands on a ton of ciphertext.

This is not an endorsement of Passpack, just a clarification.

MZ 02 May 08

Justin Knoll – sure, but what about a disgruntled employee or general variety of insider threats? :) BTW, I have nothing remotely against Passpack, I just believe that people don’t think about all the possible problems before using an online service where they store confidential information.

Keith 02 May 08

Classic ThinkGeek. I love it. It’d be even better on a T-shirt.

Joe Sak 02 May 08

That site has dumb stuff.

Andy Kant 02 May 08

While on the topic of password management, I’d recommend Password Safe. It’s a bit more portable format, although the main app is Windows-based, there are some 3rd-party clients for Macs and Linux (I think they might all be Java-based and are a bit clunky… at least Password Gorilla was but that was the best version I could find for my Mac).

Aaron 02 May 08

This pad could work if someone had a sophisticated algorithm with which to disguise the actual passwords. That way they’d just need to remember one thing (how to transform the passwords on the pad) instead of many passwords.

Drew 02 May 08

ThinkGeek is a damn funny site. I’ve actually gotten some good stuff from there, both gags and genuinely useful tools.

Greg 02 May 08

The sheet is missing a warning that the passwords are ONLY to be viewed by persons intended. Anyone else viewing the passwords would be guilty of an ethics violation (hey! maybe we could pass a law…)

L 02 May 08

I feel, if I can remember my passwords, it’s not secure enough.

Darcy McGee 02 May 08

I run a password matrix that requires me to reset each and every password I use every 15 minutes.

It cross checks the password history between applications, so a recently used password in one application is not available to another.

If the password is not reset within the timeframe required, the system automatically triggers a lockout and I’m forced to answer a series of reminder questions, at which point the password is reset and sent to me by email.

I’ve never been hacked, at least not since I started this script process.

Daniel Miller 02 May 08

...vows to say “For the heck” more from now on.

Gio 02 May 08

BTW, this pad (and a bunch of the other products on Think Geek) are designed and manufactured by Knock Knock, a small product design company in Venice, CA. Very cool company.

Troy K 03 May 08

I love the idea, I bought one and am going to give it to my father-in-law, who will actually use it— TFF :)

Not as Dumb as You Look 03 May 08

Did you miss this in the ad??

Ok, who are we kidding – if you list your passwords on this, you deserve to have your identity stolen.

It’s a novelty item not worth mentioning in the first place… thanks for the time-wasting post.

Tom 05 May 08

Pop quiz. What’s more secure:

a) Re-using the same few easy to remember (and most likely easy to brute force crack) passwords across dozens or hundreds of websites, each of which has different security mechanisms and policies, many of which record your password in plaintext.

b) Using unique harder to remember passwords which you write down on a physical (un-hackable) piece of paper.

Graham 05 May 08

I actually keep all my passwords on a backpack page called “Passwords.” But as Aaron suggested above, I have a little character substitution trick in my head to de-crypt them when I need them. If I only worked on one machine, I’d just stick a big post it note on my screen with all the passwords on it too.

Anna Lazcano 07 May 08

This is really funny…
