How to keep secure passwords in your pocket

Security Focus has an interesting blog post on writing down passwords. The recommendation is that you select a common four-character “pin”, which you memorize. For each site you then select a complex, completely random, unique six-character password and write it down on a piece of paper in your wallet. The password for each site is generated by appending your memorized pin to the password written in your wallet, creating a secure ten-character password. The idea is that you are now using a different password for each site without the extra cognitive load of memorizing a large number of long passwords. You are also not writing down complete passwords, so someone who steals your wallet will not have your complete passwords.

I think this is an interesting idea and would be interested in any known research on its effectiveness and usability in practice.
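The scheme described above, as an added example that is not from the original post or from the Security Focus article: it generates the six-character written parts, composes the ten-character site password, and computes how much guessing work remains once the wallet or the pin is known. The 94-character printable ASCII alphabet, the function names and the sample sites and pin are assumptions.

```python
import math
import secrets
import string

# Assumption: the post names no character set; this uses the 94
# printable ASCII characters for both the written part and the pin.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
WRITTEN_LEN = 6   # per-site part kept on paper (from the post)
PIN_LEN = 4       # memorized part shared by every site (from the post)


def new_written_part(length=WRITTEN_LEN, alphabet=ALPHABET):
    """Draw a per-site part from the OS CSPRNG (secrets), not random."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def make_wallet_card(sites):
    """Return {site: written part}; this is all that goes on the paper."""
    return {site: new_written_part() for site in sites}


def full_password(card, site, pin):
    """Site password = written part followed by the memorized pin."""
    if len(pin) != PIN_LEN:
        raise ValueError("pin must be %d characters" % PIN_LEN)
    return card[site] + pin


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of guessing work, valid only for uniformly random strings."""
    return length * math.log2(alphabet_size)


def residual_entropy(wallet_known, pin_known):
    """Bits still unknown to someone holding the wallet and/or the pin."""
    bits = 0.0
    if not wallet_known:
        bits += entropy_bits(WRITTEN_LEN)
    if not pin_known:
        bits += entropy_bits(PIN_LEN)
    return bits


if __name__ == "__main__":
    card = make_wallet_card(["mail.example", "bank.example"])  # constructed
    print(len(full_password(card, "mail.example", "k7#Q")))    # constructed pin
    for wallet, pin in [(False, False), (True, False), (True, True)]:
        print(wallet, pin, round(residual_entropy(wallet, pin), 1))
```

With the wallet lost, only the pin's share of the entropy remains, and because the pin is the same for every site that remainder protects all entries on the card at once. A pin chosen by a person rather than drawn at random carries fewer bits than the figure computed here.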

Don’t program on Fridays

I just found an interesting paper on the number of bugs programmers create and fix at different points during the week. The author's conclusion is that changes to code which result in a bug are most often made on Fridays, so don’t code on Friday.