Respected commentator on security Bruce Schneier wrote:
Simply, people can no longer remember passwords good enough
to reliably defend against dictionary attacks, and are much
more secure if they choose a password too complicated to
remember and then write it down. We’re all good at securing
small pieces of paper. I recommend that people write their
passwords down on a small piece of paper, and keep it with
their other valuable small pieces of paper: in their wallet.
I like this advice, and follow it myself for some passwords,
although sadly I need more passwords on a regular basis than
fit on a piece of paper small enough for my wallet.
I use a password manager for some, but not all of my passwords.
For the ones I don't want to put into a password manager I
print out a page like this and keep it safe in my home or around
my person. I find it easier to print a page of pre-generated
passwords and fill in where I use them rather than generate them
in the browser and copy them out to the paper.
Recommendations for use:
Select an 8-, 10- or 12-character password according to the
incentive for an evil person to brute force it, and the cost
to yourself if they do. Each character contributes 6 bits to
the cost of brute force discovery. Don't use an 8-character
password for anything in the least important.
Because the passwords are randomly generated, they won't always
have the mix of character types a site may require. Remember
you can always add extra characters using a ballpoint pen.
It's up to you what you put in the date and context columns.
Be explicit if you need to and trust that you will keep your paper safe.
Be cryptic if you prefer to, but still be careful with the paper.
This page is self-contained - you can download the HTML source using
your browser, and run it from your local filesystem, and change how it
works if you want to.
If you need to know whether this page is secure enough to use
safely for your application (whether it's logging in to the
gardening club or running a nuclear power station), get someone
appropriately qualified to inspect the web page source.
I can't tell you whether this is good enough for your needs.
Respected commentator on security Bruce Schneier wrote:
Original sourceI like this advice, and follow it myself for some passwords, although sadly I need more passwords on a regular basis than fit on a piece of paper small enough for my wallet.
I use a password manager for some, but not all of my passwords. For the ones I don't want to put into a password manager I print out a page like this and keep it safe in my home or around my person. I find it easier to print a page of pre-generated passwords and fill in where I use them rather than generate them in the browser and copy them out to the paper.
Recommendations for use: