If he had stored the paper in his wallet rather than on the laptop, I would have said the he handled the situation very well. For most people, the physical security afforded by their wallet is more than sufficient to safely store passwords. HBGary Federal would certainly have been better off if Aaron Barr and Ted Vera had used better passwords but written them down.
Telling people to never write down their passwords probably does more harm than good. Many people have too many passwords that change too often to legitimately expect them to be able to memorize them all. And when they do write them down, they have never been told that their wallet is a safer place to store them than under their keyboard.
My father and I eventually came up with a better system: he came up with a list that had enough passwords that he could reuse the first one after the last one on the list expired, and then taped to his laptop a list that had about half of each password on it. He would then put a little pencil mark next to whatever password hint corresponded to the password he was using at the time.
If he had stored the paper in his wallet rather than on the laptop, I would have said the he handled the situation very well. For most people, the physical security afforded by their wallet is more than sufficient to safely store passwords. HBGary Federal would certainly have been better off if Aaron Barr and Ted Vera had used better passwords but written them down.
Telling people to never write down their passwords probably does more harm than good. Many people have too many passwords that change too often to legitimately expect them to be able to memorize them all. And when they do write them down, they have never been told that their wallet is a safer place to store them than under their keyboard.
My father and I eventually came up with a better system: he came up with a list that had enough passwords that he could reuse the first one after the last one on the list expired, and then taped to his laptop a list that had about half of each password on it. He would then put a little pencil mark next to whatever password hint corresponded to the password he was using at the time.