On Mon, 03 Mar 2014 08:41:10 -0500, Roy Smith wrote: > In article <mailman.7619.1393815421.18130.python-l...@python.org>, > Chris Angelico <ros...@gmail.com> wrote: > >> The greatest threats these days are from the network, not from someone >> physically walking into an office. (That said, though, the low-hanging >> fruit from walking into an office can be *extremely* tempting. Pulling >> off a basic password leech off sticky notes is often so easy that it >> can be done as a visitor, or at least as a pizza deliveryman.) > > Doesn't even require physical presence. With the ubiquity of various > video chat applications, as long as the sticky note is in the field of > view of the camera, you've leaked the password. With the right > lighting, I wouldn't be surprised if you could pick up the reflection of > a sticky note in somebody's eyeglasses.
Let's see now... - one in a ten thousand chance that somebody will hack my account because it has a weak password; versus - one in a thousand million chance that somebody will view my strong password reflected in my glasses and be able to identify what account name for which system it goes with, and be the sort of opportunistic black-hat who will use it to break into my account. Nobody is saying that writing passwords down is secure against every and any possible attack. (When the Secret Police smash your door down at 3am, you probably won't have time to eat the passwords, even if you remembered to print them on rice paper instead of a sticky note.) The concept is that writing down strong passwords is preferable to remembering weak passwords given the typical threats most people are exposed to. -- Steven D'Aprano http://import-that.dreamwidth.org/ -- https://mail.python.org/mailman/listinfo/python-list
