In partial answer to BZ. I work in the IT world not PCs but OS (operating system) of IBM computers which corporations use for back office stuff. There have been times that I needed to keep track of over 100 passwords at one time, for work & for personal use. So I have developed, and refined, SYSTEMS, to hopefully provide good security, while not relying on the system which involves stuff falling out of my brain, when I dont use certain portions of my brain often enough. At the same time, I do not have post-it notes with passwords easy for other people to find. At work, it used to be my job to issue passwords to the employees. That meant I was like Ed Snowden, knowing how to get into anyones account. The volume of stuff is so astronomical, that being able to get into anything is of little value. Using the keyboard, and number pad, I figured out how a person could have a password such that while keying, their fingers would rapidly cover up what they were doing, so it would be darn impossible for someone watching someone else, to figure out their password. Well that only works if someone is typing like I type. I quit doing that after I saw practically all co-workers engaged in hunt and peck. Back in the 1960s when I was in college, I took a class in touch typing, because I saw a future in keyboarding being part of my preferred profession of computer programming. I never got as fast as the professional secretaries, but I can type without looking at the keyboard I look at the screen, occasionally fix typing errors. The vast majority of co-workers are hunt and peck. In time, most offices will have you talk, it types, but we are not there yet. The technology for that is good, but corporate managers do not yet see the productivity and profitability benefits of migrating from hunt and peck generations. I got permission from management to change the rules for passwords at the office. If someone forgets their password, I will force change their password to some WORD that I tell them what it is, and at the same time force the password to be EXPIRED. So when they sign on with the WORD, the system will mandate that they change the password to something only they know. There are password rules. If their password does not match the rules, they will get a message with details, and may retry. I check back with them after a few days, to make sure THEY got in Ok to THEIR account. Now I only need to keep track of MY passwords at the office, for each of my accounts, and the passwords associated with IBM OS functions, like SYSTEM ADMINISTRATOR, MASTER SECURITY OFFICER, SYSTEM OPERATOR and about ½ a dozen more like that. There are about ½ a dozen co-workers who need access to some of these, such as to do backups, hooking up new connections to the network, etc. From time to time we declare it is about time we changed these again typically when one of our number is no longer with the firm. I had the master list, on my person, in a place I had VERBALLY told my IT co-workers, and my boss. Then I said lets do a test, lets assume I get hit by a bus, and now you need into the system. Can you figure it out? I was told that if I was run over by a bus, then the paper hidden on my person, would be too blood soaked to do the little puzzle I had provided, to translate what was on the paper, to get the corresponding passwords. The reason for the puzzle was if the paper fell into the wrong hands, there would not be enough info there to actually translate into the passwords. So the new system is that when we change these passwords, I give the boss an envelope, containing a list of what needs an IT password, and what it is. I ask that this envelope be placed in a safe place, where you can find it, should I ever part company for whatever reason. It still is part of my job to setup security access for new employees, but I dont have to remember their passwords any more. Also there is a security aid in IBM OS. When we sign onto our account, there is a message line telling us the last time we signed on, and how many failed password attempts there have been on our account since then. If that info does not jive with whats in our brain memory, that is a clue something is amiss. Also I periodically check a log of failed access attempts. There are certain kinds of consumer devices where you can press some key combination, and it will spout out account name and password. Since we have a lot of these devices, such as laptops, walking in and out of the office on a regular basis, I have had conversations with the operators of them, and with management. What if one of these devices gets stolen? The crook can then easily get into our systems, and we would not know it until the normal user informs us about the problem. Is that risk Ok with Yall? Well, maybe because of my conversations, or maybe because of some other problems, we are now using SONIC WALL for our VPN (VPN is an encrypted tunnel thru the Internet, which lets different business systems talk to each other, with decent security, and on the cheap). It wont let you pour in a pre-recorded user-id and password. It HAS to be keyed at time of opening the communications session. Al Mac = Alister William Macintyre -----Original Message----- From: cryptome-bounce@xxxxxxxxxxxxx [mailto:cryptome-bounce@xxxxxxxxxxxxx] On Behalf Of bz Sent: Saturday, August 31, 2013 1:35 PM To: cryptome@xxxxxxxxxxxxx Subject: [cryptome] Re: Exemplary Greenwald-Poitras Opsec Op-Ed If you read this: https://pressfreedomfoundation.org/encryption-works carefully, it may explain what was Miranda doing in London. It wasn't about sharing docs, but rather setting up Tail, I would think. Any docs he had on him were rather there only to misguide. I am rubish with IT myself and only recenly, due to the necessity, have started learning all this & have been trying to change the ways I communicate and although every day I feel I begin to understand it, I still confuse things with keys, certificates and, if I be am honest am not sure whether people are recieveing my mail when I manage to encrypt it. Also, i dunno why, but I assumed that it will be safer if record all passwords on a paper... There is too many passwords to be able to remember all of them. How can you handle it? Personally, I think I need proper help with all this as it starts to really frustrate me or simly stop using internet as I am not sure whether I protect myself the right way or whether it works like it should and wird things began to happen both with my laptop and in my life.