« Cornell Mushroom Blog | Home | Blast from the past: Jimi Hendrix on stage at a concert in Bakersfield, California in 1968 »

May 8, 2014

Expert's Expert: Index card holder for internet passwords


Sometimes old ways are the best ways.

Below, C.M. Mayo's convincing Cool Tools review.

It's well worth considering as a step toward simplifying what can sometimes be awfully vexing when you just can't seem to remember or guess or find a password you've just got to have right now.


The Web was new (I climbed on board in 1995) like everyone else, I started accumulating passwords. Slowly at first, but with two websites to manage and a fondness for on-line shopping, by 1999, I was pinning scraps of paper to my bulletin board, jotting in notebooks, tucking them into my wallet, in various files in the filing cabinet, and, oh heck, just sticking Post-Its to my computer monitor. And more times than I'd like to admit, I forgot to write them down at all. I knew some people who kept their passwords straight by using the same one for everything, but that seemed to me an invitation to hackers.

About ten years ago, I started noting each password on its own 4 x 6 inch index card, then filing it alphabetically by service (e.g., Amazon.com under “A”) in a little box that looks just like my grandmother’s cookie recipe box.

Call it the Grandma's Recipe Box Solution to Password Management.

On each index card I note:

• Name of Service (e.g., Amazon.com)

• My password

• My username

• My email address for this account

• Any other relevant information

Now that I'm still on-line in 2014 and managing a plethora of websites, a batch of blogs, two YouTube channels, Vimeo, three Twitter accounts, and do my banking on-line, use PayPal, and have not set foot in a shopping mall in more time than I can remember, I have accumulated a prodigious stack of index cards. But my little plastic index card holder, with its alphabetical tabs, is still right here by my desk, doing the job.

I have found that there are several advantages to this method:

1. I can keep all my passwords at my fingertips (so when it's time to check my bank balance or tweet or shop on-line, if I cannot recall the one I need password, I just pluck it out);

2. Filing the cards alphabetically allows me to plunk one back in quickly (and find it again just as quickly);

3. I can use longer and more varied passwords without having to remember them nor go through the hoops of waiting for it to be resent to my email, and then having to click on some link to confirm;

4. If I need to change a password, I just pluck out the card, note the change, and put it back;

5. When I had to cancel one of my email accounts, I was able to whip through the stack of index cards to see which accounts needed updating;

6. It's cheap and after 10 years the plastic index card holder still looks like new;

7. It's small enough to stash in a locked drawer;

8. Finally, should anything happen to me, my family knows where to retrieve all my passwords to put my affairs in order. That's a gruesome thought, but a realistic one. Last I checked, no one gets off this planet alive (except astronauts, and only temporarily).


Advantus 4 x 6 Index Card Holder, 300 card capacity

Oxford Index cards, 4 x 6, White, 100 Cards per Pack 

Oxford Index Card Guides, 4 x 6, Cut Tabs, 25-Set

May 8, 2014 at 08:01 AM | Permalink


What is a BSD Unix box?

Posted by: Kay | May 14, 2014 11:57:23 PM

I use a variation of the HINTS comment. My primary goal is KISS.

I use one alphanumeric PW for most sites. I keep the list of site-username-PW in a text file. I keep the text file in a common place: DropBox (or EverNote or Notes) synched on my iPad-iPhone-MacBook. The Notes app is offline and common, but offers no security. DropBox is good but needs to be set up so you can EDIT the file from each device.

One More Wrinkle: Put the PW hint in the bookmark for the site, e.g.: Wells Fargo An, Gmail An, etc.

One More Step: Put the site name in your PW and you'll have a unique PW you won't need to record anywhere: Password123wf, Password123aol, Password123gmail, etc.

I hate dealing with this and some sites makes it tougher by requiring—or—prohibiting, "special characters."

Meh. Good luck.

Posted by: PT | May 10, 2014 9:52:29 AM

Remember the little tabbed address book? Perfect for passwords. Sits right below my iMac monitor.Use pencil. ENTER username password and password under tabs. Done. Next?

Posted by: steven frisk | May 9, 2014 11:09:01 PM

Last Pass. https://lastpass.com


Password Haystacks: https://www.grc.com/haystack.htm

VeriSign's Password Dongle https://idprotect.vip.symantec.com/mainmenu.v

If you insist in making copies of your passwords - to take with you - at least use strong encryption. See, http://www.ironkey.com/en-US/encrypted-storage-drives/

BTW, ONLY on BOJ am I known as the mole - and this site's password is different from every other site.

At a minimum a 13 character password of non-guessible material is safe. Yes, Banks don't let you do this. Investment companies (TD Ameritrade, for one - although they aren't TLS/SSL everywhere. I go to the encrypted login page before I log in. I also have a 30 character password - pure GRC gibberish. I change financial institution passwords every single month. I keep the entire list of the prior passwords in an an encrypted "keychain" on a "headless" BSD Unix box bolted to a shelf in a closet and not connected to the Internet.

Posted by: 6.02*10^23 | May 8, 2014 11:27:38 AM

I just compile then in a Word File, using my cryptography abbreviations,SIMPLE

Posted by: larry ziegler | May 8, 2014 9:50:19 AM

One thing I would always note that if you do this is to have password HINTS not actual passwords.

For instance, I have a few standard 'in-between' passwords that I put on most. My password cheatsheet ends up looking like:




One of my good friends has the in-betweeners locked up. It wouldn't be of any use without the rest of the codebook, but it ensures that I can remember them. Lately, I use OnePass to keep everything, but I still keep a backup in case I'm on another computer that doesn't connect to this.

Posted by: clify-2-tha-mofo-t | May 8, 2014 9:36:25 AM

Hmmm, make sure you lock them up securely.

Posted by: tamra | Jan 18, 2014 4:15:16 PM

The comments to this entry are closed.