Password manager by Amazon
-
Honestly, a physical password book isn't a bad idea.
Not accessible via the internet, and in most cases if someone has physical access to your system you're done for anyway.
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
I disagree. Using this book will always lead to shorter passwords that are easier to type. That's the main weakness imo.
Or in other words: it really depends what the user fills it with. It should be accompanied by a little machine that spits out random passwords, I'm thinking a Rubik's-cube-shaped bling pendant at the end of the bookmark band.
-
Best option for non techies at home.
It really depends what the user fills it with. "Clever" solutions like using your daughter's birthday, or other hard-to-remember-but-easy-to-deduce strings.
It should be accompanied by a little machine that spits out random passwords, I'm thinking a Rubik's-cube-shaped bling pendant at the end of the bookmark band.
-
Just use KeePassXC. It's an offline password manager, so KeePassXC is safer.
-
Here's the thing .. as crazy as a notebook with passwords sounds, it's not accessible to someone across the internet.
It depends on what the user fills it with.
Even the objectively safest solutions will be much shorter, and have less entropy, than what a pw-manager can deal with.
-
Here's the thing .. as crazy as a notebook with passwords sounds, it's not accessible to someone across the internet.
Just maybe don't plaster "THESE ARE MY SECRETS" on the cover. Security through obscurity.
-
That Web Addresses placement is killing me.
-
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
I disagree. Using this book will always lead to shorter passwords that are easier to type. That's the main weakness imo.
Or in other words: it really depends what the user fills it with. It should be accompanied by a little machine that spits out random passwords, I'm thinking a Rubik's-cube-shaped bling pendant at the end of the bookmark band.
Not at all. It will lead to easier to type passwords, likely. But that doesn’t mean shorter. This could easily be filled with passwords that are four words long with special characters interspersed.
-
That Web Addresses placement is killing me.
they just centered the whole thing
-
this is my internet password logbook
-
Not at all. It will lead to easier to type passwords, likely. But that doesn’t mean shorter. This could easily be filled with passwords that are four words long with special characters interspersed.
Which you then have to type out every time. Laziness wins: they will be shorter.
The assumption is that the product is for non-savvy users. They might not even understand what you wrote up there.
Autocorrect can help here, but dictionary words are easily ~~brute-forced~~ guessed. And - more importantly - that hypothetical user would have to come up with that idea in the first place. But people who come up with such ideas usually already use password managers anyhow.
-
Still better than using the same password everywhere and/or saving passwords in an unencrypted text file on your computer somewhere.
Just not very user friendly.
-
Oh yeah, this is for my in-laws. This is peak boomer tech right here.
Of the 200 elderly I see maybe 75% still use the book or a variation of it.
The best is when they use iPad notes or even their fucking contacts to save info lol
-
I'm guilty of this. I don't write out the passwords in plaintext though. It's mostly just a few letters to remind me of which version of my many "master" passwords I used and then asterisks. ~PW0****$~ kinda thing. I know it's bad but I can't bring myself to trust a password manager.
-
Honestly, a physical password book isn't a bad idea.
Not accessible via the internet, and in most cases if someone has physical access to your system you're done for anyway.
The main weakness it has is from a nosey flatmate, spouse, or child in the house.
“People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down.
We're all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
Obscure it somehow if you want added security: write "bank" instead of the URL of your bank, transpose some of the characters, leave off your userid. This will give you a little bit of time if you lose your wallet and have to change your passwords. But even if you don't do any of this, writing down your impossible-to-memorize password is more secure than making your password easy to memorize.”
-
I'm guilty of this. I don't write out the passwords in plaintext though. It's mostly just a few letters to remind me of which version of my many "master" passwords I used and then asterisks. ~PW0****$~ kinda thing. I know it's bad but I can't bring myself to trust a password manager.
If you keep the book secure, it's probably safer than any computer based record system - right up until someone untrustworthy gets their eyes on the book.
With a physical book, you can store it in a safe deposit box when you don't need access, make partial copies, copies take (everyone, bad guys and good) significantly longer to make even with a photocopy process... most importantly, people intuitively understand the vulnerabilities of a physical book.
Now, the physical book won't stop keyloggers...
-
It's pretty safe. Competent password managers will be heavily encrypted. Having your passwords hacked is essentially unheard of. You don't have to worry about it being on someone else's computer as without your master password the password file is useless.
I think the biggest case was LastPass, and they did it by getting a keylogger onto a developer's PC to get at their password, but afaik customer passwords were safe unless your master password was weak or reused from a breached one.
But, a notebook isn't hackable at all. But then the people around you could potentially get into it, which is a far more likely threat for a ton of people.
Either way use 2FA at every site that will allow it.
LastPass's biggest problem was that they were almost the first in the game, and mistakes/choices they made 20 years ago bit them hard when they got hacked.
There were two major issues with LastPass's security model:
- Non-Password data wasn't encrypted. So usernames and urls were visible by the people who stole the vaults.
- Passwords were encrypted with a number of iterations based on when the account was created, so older accounts were only run through a single iteration. The iteration process makes it much harder to guess the master password (by making it take a longer time). So a single iteration makes it pretty quick to guess the password.
So with flaw 1 you could see what vaults might have valuable passwords like banks and crypto wallets. And with flaw 2 you could reasonably quickly break into the vaults of long time users.
So aside from their lax security allowing the compromise to happen in the first place (nothing is foolproof), they weren't providing the level of protection most people assumed.
More modern password managers like BitWarden fixed those problems a long time ago.
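
An added example, not part of the original comment or any password manager's code: it measures how the iteration count described above changes the cost of each master-password guess. PBKDF2-HMAC-SHA256 from Python's standard library is used as a stand-in, since the comment does not name the algorithm; the iteration counts and the four-word passphrase size are constructed sample values.

```python
import hashlib
import math
import os
import time

def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)

def seconds_per_derivation(iterations: int, samples: int = 3) -> float:
    """Measured cost of one derivation; every password guess costs this much."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_vault_key(f"candidate-{i}", salt, iterations)
    return (time.perf_counter() - start) / samples

def effective_bits(password_bits: float, iterations: int) -> float:
    """Password entropy plus the work factor the iteration count adds."""
    return password_bits + math.log2(iterations)

def average_years_to_guess(password_bits: float, seconds_per_guess: float) -> float:
    """Expected time to hit the password: half the guess space, one guess at a time."""
    return (2 ** (password_bits - 1)) * seconds_per_guess / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample values, not figures from the thread.
    four_word_bits = 4 * math.log2(7776)  # four random words from a 7776-word list
    for iterations in (1, 100_000, 600_000):
        # Timed on one core of this machine; dedicated hardware is faster,
        # so compare the rows with each other rather than reading them as absolutes.
        cost = seconds_per_derivation(iterations)
        years = average_years_to_guess(four_word_bits, cost)
        print(f"{iterations:>7} iterations: {cost * 1000:9.4f} ms per guess, "
              f"{effective_bits(four_word_bits, iterations):5.1f} effective bits, "
              f"~{years:,.0f} single-core years on average")
```

The single-iteration row shows the situation the comment describes for old accounts: the key derivation adds no work, so the vault is only as strong as the master password itself.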
-
Still better than using the same password everywhere and/or saving passwords in an unencrypted text file on your computer somewhere.
Just not very user friendly.
It is very user friendly, at least for reliability and security if you keep it in a safe location. It is cumbersome and slow.
-
Sure, it's a horrible idea in an open office environment but if someone wants to use this at home for all their passwords it really won't hurt anything.
-
TBF, they can be fooled too.
Bitwarden warns against using autofill on load for that very reason, as then simply loading a malicious page might cause it to provide passwords to such a site.
And then, a human when a site doesn't autofill, is more likely to just go "huh, weird" and do it manually.
Wait, what? How does autofill get fooled?
-
Here's the thing .. as crazy as a notebook with passwords sounds, it's not accessible to someone across the internet.
Please hold your password notebook in front of the laptop camera.