Password security - Another idea

Tom Roberts tjr at ihnet.ATT.COM
Wed Jan 4 10:04:57 AEST 1989


Several people have indicated that complicated, "difficult to remember"
passwords may create more exposure than they eliminate. I beg to differ.
I believe that in most computer environments today, the MAJOR access
security exposure is due to "password guessing"; I believe that the exposure
due to writing down passwords is, or can be made to be, much less dangerous.

Example: Create a password from 8 randomly-selected ASCII characters,
and write it down (be very careful about how you perform this random
selection!). DO NOT write it down on a paper clipped to your terminal,
but on a piece of paper that you keep with you at all times inside your
wallet.

Analysis: The range of security exposures has been changed significantly;
you will no longer be open to password guessing attacks, because such attacks
will be using a dictionary, not your random password. Your exposure is now
similar to the exposures you routinely subject your house keys and credit
cards to.  Is your computer account more valuable than your house or bank
account? With this method you also have a very good likelihood of detecting a
breach of your password (e.g. your wallet was stolen), and can take corrective
measures (change your password).

I suggest that in most computer environments (e.g. networks) this method
is far superior to having users attempt to imagine passwords that are both
hard to guess and easy to remember. Clearly, having the computer system 
generate the password is also possible, but the method of generation
must be very carefully chosen (computers cannot easily generate
random numbers).

The only difficulty I know of in this method is that users may not protect
the paper as well as they protect their keys and credit cards. I do not
know how to address this problem.

Tom Roberts
att!ihnet!tjr
AT&T Bell Laboratories
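The 8-character random password described above, as an added example that is not part of Tom Roberts's post: it draws each symbol with the operating system's cryptographic random source and shows the modulo-bias pitfall behind his warning to be careful about the random selection. Function and alphabet names are my own choices.

```python
import math
import secrets
import string

# Printable ASCII without the space character: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_ascii_password(length: int = 8, alphabet: str = ALPHABET) -> str:
    """Pick `length` symbols uniformly from `alphabet` using the OS CSPRNG.

    secrets.choice() rejection-samples internally, so every symbol is equally
    likely; this is the "careful random selection" the post insists on.
    """
    if length < 1 or not alphabet:
        raise ValueError("need a positive length and a non-empty alphabet")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly chosen password of `length` symbols: log2(N**L)."""
    return length * math.log2(alphabet_size)


def modulo_bias(alphabet_size: int) -> tuple:
    """Why `random_byte % N` is NOT uniform.

    For a byte uniform on 0..255, returns (most_likely, least_likely)
    probability of an index computed as byte % N. Whenever 256 % N != 0
    the low indices are over-represented, which shrinks the search space.
    """
    counts = [0] * alphabet_size
    for byte in range(256):
        counts[byte % alphabet_size] += 1
    return max(counts) / 256, min(counts) / 256


def uniform_index(alphabet_size: int, next_byte) -> int:
    """Rejection sampling done by hand: discard bytes at or above the largest
    multiple of N that fits in 256, then reduce. `next_byte` is a callable
    returning one random byte, e.g. lambda: os.urandom(1)[0]."""
    limit = 256 - (256 % alphabet_size)
    while True:
        b = next_byte()
        if b < limit:
            return b % alphabet_size


if __name__ == "__main__":
    print(random_ascii_password(), "%.1f bits" % entropy_bits(len(ALPHABET), 8))
```

With 94 symbols an 8-character password carries about 52.4 bits, far beyond any wordlist; the biased method makes some symbols 1.5 times as likely as others.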
