back to article Leatherbound analogue password manager: For the hipster who doesn't mind losing everything

News reaches us that will leave password management outfits quaking in their boots. The Conran Shop has a solution for forgetful users, and it is a snip at a mere £22. Users need to remember a bewildering array of passwords just to get through an average day, which can lead to some pretty shoddy practices as revealed in the …

Page:

  1. Timmy B

    Who on earth is going to spend £22 on that tat? The printing, stitching and leather are junk going from the pictures. I don't even care about the security implications when I'm so shocked at the quality.

    1. Lord Elpuss Silver badge

      I thought you were exaggerating. Then I clicked the link.

      It's absolutely hideous; I've seen better for 99c from Ali Express.

      1. Mage Silver badge

        Security features

        A £2 address book is a GOOD idea. Website/service, email, user, password etc.

        NEVER take it out of premises.

        Never EVER put in laptop bag.

        Do put in safe or with Will etc, in case you are knocked down crossing road, stroke, heart attack or assassinated.

        It's actually good security practice to have a secured hard copy of all security information. Maybe even a second off site secure location.

        Not though in your jacket, open plan office or laptop bag.

    2. Flywheel
      FAIL

      "Expertly designed and crafted by Fabriano"

      *sigh* It's artisanal Artisanal! The seemingly irregular nature of the stitching only serves to emphasise the handmade quality of the item. The faux-puerile nature of the blocked text lends an air of uniqueness to each and every item. John Bull would be proud!

      Apparently.

      1. Voland's right hand Silver badge

        Expertly designed and crafted by Fabriano"

        You clearly do not understand the effect of "designed label" on the people who have an inferiority complex for which they have to compensate by having the latest and greatest of everything.

        1. Wellyboot Silver badge

          fashion victims

          and where 'more expensive = must be better'

          1. Timmy B

            Re: fashion victims

            "where 'more expensive = must be better'"

            If that's the case I can make the best one. I actually do make things out of leather, including bags, pouches, book covers, etc. Anyone who wants one can order one from me. For really good quality leather I can do you one for £200. If you want one with traditionally tanned buckskin £350. Any takers?

            1. Chris G

              Re: fashion victims

              Traditionally tanned buckskin was softened by Indian maidens chewing the hides to soften them, can you guarantee that is the case with your product?

              Photos of said maidens chewing your buckskin or it hasn't happened.

              I make pretty good journal covers from leather to order, I can guarantee they haven't been chewed by me.

              Average price for hand stitched, oiled leather €50-€60.

              1. Timmy B

                Re: fashion victims

                "Traditionally tanned buckskin was softened by Indian maidens chewing the hides to soften them, can you guarantee that is the case with your product?"

                Sorry. You've listened to Hollywood and not read your history books. :) I do a variety, from bark to brain tan and various other processes that I'll not bore people with. All are hand or frame softened depending on animal and hide thickness / quality.

                I was having a giggle with the price and you quote is far better but I do tend to carve patterns into mine and that will inflate the price, of course. And one done in my buckskin with actual sinew stitching is going to clear £100.

                1. Giovani Tapini
                  Coffee/keyboard

                  Re: fashion victims

                  @Timmy B

                  Ooh, does that mean you process the leather with real wee? !

              2. This post has been deleted by its author

            2. Andy Non Silver badge

              Re: fashion victims

              @Timmy B

              I'll take one. It must be better than the post-it note on my computer with my TSB online banking username of Imawally and password of qwerty-123456. You might as well take the money out of my account by direct bank transfer, I haven't got time to do it myself, too busy giving a security seminar this afternoon.

          2. Gritzwally Philbin
            Meh

            Re: fashion victims

            Oh hell.. well that's it for me and my 2 dollar spiral bound blank-page notebook I bought in 1998. 20 years on and it's not been nicked, copied or dropped in the toilet (my God, who pulls out their password book on the toilet? Unnatural, that is..)

            The biggest drawback is that over the years I've pulled pages to make shopping lists with and the poor notebook is running out of room.. Though I DO still have my AudioGalaxy password and username jotted down. The thing that makes you think the most however, are the number of old e-mail addresses and contacts with folks I knew that have died over the years. Hmm.

          3. Anonymous Coward
            Anonymous Coward

            Re: fashion victims

            'more expensive = must be better'

            £22! pah, that's nothing. My secure analogue password recorder cost best part of £1000.

            I write down my passwords on the lid of my laptop with a Sharpie.

            What the long term cost will be is a known unknown... I think

      2. Gene Cash Silver badge

        Deckeled

        Speaking of "Artisanal"... I learned a new word recently: "deckel" which means "we couldn't be bothered to finish the book and cut the paper properly"

        I ordered a book, and I thought I'd gotten a screwed up copy, because none of the pages were cut square. I went back to Amazon and found out I had the "fancy" deckled copy and I'd paid extra for this "privilege" and so I gave it a 1-star review for this wonderful feature.

        It made reading the book a nightmare, because it was REALLY difficult to turn the individual pages.

        1. Timmy B

          Re: Deckeled

          That's from deckle cut. It's the phrase used for uncut paper straight from the paper making frame - known as a deckle. You may get charged more because the paper was likely made by hand and not machine.

    3. Enric Martinez

      That's actually the key point mate!

      It's so shoddy that a the last thing a thief may thing is that you keep important information in there.

      Clever he?

  2. Anonymous Coward Silver badge
    Thumb Up

    This is actually a good thing.

    It makes the low-hanging fruit that bit lower, which makes things safer for those of us who aren't so intellectually challenged.

    It's basically a big sign saying both 'here are my passwords' and 'I've got too much money' (why else spend so much money on a notepad?)

    1. stiine Silver badge
      Thumb Down

      wrong, yet again.

      This is only true if NONE OF THEM use the same services as you, which is unlikely.

      1. Anonymous Coward
        Anonymous Coward

        Re: wrong, yet again.

        If "they" lose their account access to miscreants, how is that a problem for me using the same service? To the service the miscreant will look like a kosher user with the same privileges as the rest of the users.

    2. caffeine addict

      Companies should give them out to their users. Anyone found to have used it for the intended purposes just fired from a canon.

      Similar (ish) recent job I had here.

      PM : The website for users to access HR. Add a button to print the page.

      Me : But... why? The browser does that.

      PM : Not all users will know that.

      Me : Okay. So what about if I make it so that everyone who presses that button has their contact details forwarded to HR for not being able to use a web browser?

      PM : No.

      1. Ken Hagan Gold badge
        Headmaster

        "Anyone found to have used it for the intended purposes just fired from a canon."

        Pachelbel's?

  3. W60

    The fact there is not even a lock on it to give any attempt of security

    1. Mage Silver badge

      Re: Lock

      Only diaries with glitter, ponies or fairies on the cover, usually pink, have locks.

      Easily operated by the spam tin key for convenience of mother or brother.

  4. Warm Braw

    User-generated obfuscation

    Invisible ink?

    1. Shadow Systems

      Re: User-generated obfuscation

      There is an easy form of exactly that, as long as you can remember the order of certain glyphs.

      Imagine a 3x3 grid like a tic tac toe board. In the upper left corner you place a single dot in the corner. In the top center you place a dot in the middle of the space. In the top right you place a dot in the corner. In the center left square you place a dot in the middle; in the center square the dot goes in the center; in the center right square the dot goes in the middle. In the lower left square the dot goes in the corner, in the bottom middle square the dot goes in the middle, & in the bottom right the dot goes in the corner. Now consider each square one letter of the alphabet, in this case A to I. Repeat the tic tac toe board with squiggles, x's, or even smiley faces until you have enough for all 26 letters & 10 numbers. Now you just have to remember in which order you created each grid (I suggest using 1 dot for the first, 2 for the second, 3 for the third & so on), that way you can simply look at which direction the square faces, at what doodle is inside the square, & do the mental math to figure out what letter/number it represents. You've just created a cypher that very few folks will be able to decode easily (if at all), much less on the fly from memory.

      You can use that method to write passwords, using a line over the glyph to mean an uppercase letter or to multiply the digit by some value of ten (although Roman Numerals are a greater PITA than just writing out the numbers themselves).

      My friends & I used to do this all the time back in school. We'd leave each other notes, leave single glyphs to confuse folks on sticky notes stuck to things, & generally have fun throwing folks for a loop.

      I challenged one to write his English homework in code, he retaliated by daring me to write an entire book report the same way. I refused only because my teacher had no sense of humour, but I made up for it by writing a story that way instead. He laughed his ass off when he saw the 50 pages of single spaced, college ruled binder paper covered in hieroglyphics. =-)p

      I kept a pocket flip cover notepad in my pocket for years, a tiny pencil in the spine, so I could take notes when an idea struck me. Putting them into code was a good way to make sure my parents didn't know what trouble I was getting into. (Had they been able to decode it, they would have grounded me so fast it would have made my head spin!) So do something along those same lines to keep your own notes, including passwords. The chances that some random stranger finding the pad & being able to read it are low, & knowing what's written there belongs to *you* is almost nonexistent. (Unless you have a mailing address label for yourself stuck inside the cover so they know where to return it, but that's another story.) =-)

      1. Woza
        Headmaster

        Re: User-generated obfuscation

        There's another way to use a 3x3 grid - Iain M. Banks' Marain (http://trevor-hopkins.com/banks/a-few-notes-on-marain.html).

        But I'm confused by "You've just created a cypher that very few folks will be able to decode easily (if at all)" - isn't that just a substitution cipher? While strong passwords should render frequency analysis unprofitable, relying on that to keep secrets written in your native language seems potentially risky, depending on the audience. Or am I missing something?

        1. Giovani Tapini
          Black Helicopters

          Re: User-generated obfuscation

          Isnt it call the Mason's Cypher - or have I said too much about the poster already?

      2. Andrew Newstead

        Re: User-generated obfuscation

        That's the pig pen cypher, originally used as a Masonic code.

    2. sawatts

      Re: User-generated obfuscation

      Nah just try to read my handwriting...

      1. Jason Hindle

        Re: User-generated obfuscation

        Meh - just encode everything ROT26.

        1. DropBear

          Re: User-generated obfuscation

          "just encode everything ROT26."

          Well known to be no longer secure. If you must keep using it, at least stick to triple-ROT26...

      2. Chris King
        Trollface

        Re: User-generated obfuscation

        "Nah just try to read my handwriting..."

        My careers teacher suggested I should be a doctor.

        "King, your handwriting is so bad, it deserves to poison someone !"

      3. Wensleydale Cheese

        Re: User-generated obfuscation

        "Nah just try to read my handwriting..."

        Might not work if your other half is a pharmacist.

    3. Hans Neeson-Bumpsadese Silver badge

      Re: User-generated obfuscation

      My dear old mum worked for years as a secretary, and so was proficient in shorthand. At home she used that any time she wanted to write anything down that she didn't want my Dad or I to be able to read.

    4. itzman

      Re: User-generated obfuscation

      I often use unshared secrets.

      Items of trivia from my past that no one will ever discover, like the number plate of a friends car in 1967...

      Writing down "Tims Ford Prefect" isn't giving a whole lot away.

      1. Allan George Dyer
        Facepalm

        Re: User-generated obfuscation

        'Writing down "Tims Ford Prefect" isn't giving a whole lot away.'

        Until Tim posts a photo of the car on Facebook with the caption, "Remember the fun we had, itzman?"

  5. Wellyboot Silver badge

    Name > website / Phone No. > password

    So it's just an old personal phone book with the column headings changed.

    For security, leave it at home.

    1. Captain Scarlet

      Re: Name > website / Phone No. > password

      Yeah I recommend using a standard A5 paper book to anyone I think will be confused by a password manager.

      I recommend remember your email and bank passwords and put anything else in the book (As a password can easily be reset if you can access your email account)

      Try to keep it in alphabetical order and use one page per site.

      Stating the book is for passwords is a bit silly, if its in the home in a draw hopefully it will be missed if burgled.

      1. stiine Silver badge

        Re: Name > website / Phone No. > password

        Or better yet, be in a safe.

        1. Flocke Kroes Silver badge

          Re: Or better yet, be in a safe

          You put strange things in a safe. I would go with a 3D printed handgone with some ammunition, a dozen little transparent plastic bags of rat poison, PFY's cattle prod with conductive handle and trigger and a home-burned DVD of the Eurovision song contest.

        2. Anonymous Coward
          Anonymous Coward

          Re: Name > website / Phone No. > password

          Or better yet, be in a safe.

          Don't forget to write the combination down in the book first before you put it in the safe - just in case you forget!

      2. fruitoftheloon
        Happy

        Captain Scarlet: Re: Name > website / Phone No. > password

        CS,

        could you recommend a pwd manager for Mac OS please?

        Cheers,

        Jay

        1. Captain Scarlet

          Re: Captain Scarlet: Name > website / Phone No. > password

          Not being a Mac user I'm not sure. KeePass has an unofficial port but I don't know how well that works. Any MacOSX users want to recommend?

          A safe to store the book in I'm not 100% sure on, if someone breaks into the safe I think they would take everything in it including the book.

          Have a thumbs up for the draw comment, yes I meant drawer.

          1. fruitoftheloon
            Happy

            Re: Captain Scarlet: Name > website / Phone No. > password

            CS,

            ta!

            Regards,

            Jay

        2. JLV

          >pwd manager for Mac OS

          1Password is OK.

          Likes:

          - it works

          - fairly comprehensive and seems serious about providing a good product. they've been caught out in some of the password manager audits, like others, but they patched promptly.

          - you don't HAVE to store stuff in the cloud. if not, no syncing, but that's ok

          - you don't have to use browser integration and you can keep it closed most of the time.

          - multiplatform.

          Dislikes:

          - data file is stored in/mediated by macos Keychain. That's probably an overall positive, but worries me about what would happen if the mac dies and Time Machine doesn't save the day. I'd rather export it encrypted somewhere, only needing the app and the master password to restore. Now, IIRC, I did manage to find the file somewhere and do just that, but it's not well documented and needlessly obfuscated and complex to do so.

          1. Wensleydale Cheese

            Re: >pwd manager for Mac OS

            "1Password is OK."

            "- you don't HAVE to store stuff in the cloud. if not, no syncing, but that's ok"

            You can sync without the cloud but it's a bit fiddly.

            In the Likes section I'll add that it has a record type of Software Licence. I've got all mine stashed in 1Password, nicely in one place.

        3. katrinab Silver badge

          Re: Captain Scarlet: Name > website / Phone No. > password

          The built-in keychain works well, and syncs with your iDevices.

        4. davemcwish

          Re: Captain Scarlet: Name > website / Phone No. > password

          @fruitoftheloon

          LassPass works fine for me, either browser plugin or the app, syncing automatically with my iPhone and Win 10 PC.

      3. RFC822

        Re: Name > website / Phone No. > password

        ... in a draw....

        Why would you put it in a lottery?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon