Practical recommendations for password storage

[1] Overview.

Much has been written on the subject of password storage (for the purposes of this paper, 'password storage' refers to the practice of placing printed copies of the password information in a location with limited access). In the majority of cases, these treatises deal with the subject from the perspective of a government or corporate user. This paper attempts to deal with the subject from the aspect of practicality as it applies to the average small business or home user.

[2] Environment.

2.11 Assessing your environment.

Practical password storage must necessarily begin with an assessment of the environment in which the password will be used. Home users will have far different problems associated with the storage of passwords than even a small office environment.

2.12 Network.

Do a brief assessment of your network configuration. Is your network configured as a workgroup, or as a domain?

2.13 Users.

Do a brief assessment of your users. Is this a home environment? A small to medium office? How do your users use the network?

2.14 Regularity.

How often is this password used? Is it used daily, or intermittently (as in an account used to start a service)?

2.15 Severity of consequence if compromised.

Gauge the severity of consequence for each password should that password become compromised. Will someone gain access to your bank accounts? (severe) Will your web mail be read? (presumably low)

[3] Use.

How is your network used? Is it used primarily as a gateway for internet access? Is it used primarily for file manipulation within the intranet?

[4] Storage.

4.1 The problem.

The problem with passwords is eloquently described in Dr. Richard Smith's paper "The Strong Password Dilemma". In essence we must conclude that a password must be complex enough to provide a deterrent to password cracking algorithms, yet simple enough, or created in such a format, that it can be recalled from memory.
In reality we are forced to concede this fact: at some point this user will more than likely forget this password.

Given: home and small networks will not by design have a full-time network administrator; more likely a person within the organizational structure will double in this capacity. As such, there are constraints placed on this person's time which dictate how much time they can dedicate to tasks such as the recovery and re-introduction of passwords.
Conclusion: we must construct guidelines for storing passwords which take into account the frequency with which, and the likelihood that, they will need to be re-introduced to the user, and choose ways and locations which will not make this burdensome and likely to be bypassed.
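The trade-off described in 4.1 can be put in numbers. The following Python script is an added example; it is not part of the original paper and does not come from Dr. Smith's work. It estimates the entropy (size of the guess space in bits) of a few password construction formats and the expected time an offline guessing attack would need to exhaust half of that space. The guess rate of 1e10 per second, the "memorable pattern" model (50,000 dictionary words, 100 two-digit endings, 32 symbols), the 95-character printable ASCII set and the 7776-word Diceware-style list are assumptions chosen for illustration.

```python
import math

# Constructed assumption for illustration only: how many guesses per second
# an offline attack can make. The real figure depends on the hash function
# and hardware, and varies by many orders of magnitude.
ASSUMED_GUESSES_PER_SECOND = 1e10

PRINTABLE_ASCII = 95   # characters 0x20 through 0x7E
DICEWARE_WORDS = 7776  # size of a Diceware-style wordlist (6**5)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a secret made of `length` uniformly random picks
    from an alphabet of `alphabet_size` symbols (characters or words)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float,
                           guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected time to find the secret by exhaustive guessing: on average
    half of the 2**bits possibilities must be tried."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Smallest number of symbols needed to reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def compare_formats() -> dict:
    """Entropy and expected crack time for a few construction formats.
    The 'memorable pattern' row models the common habit of one dictionary
    word, two digits and one symbol; 50,000 * 100 * 32 is a constructed
    estimate of that space, not a measured figure."""
    formats = {
        "8 random printable ASCII chars": entropy_bits(PRINTABLE_ASCII, 8),
        "memorable pattern (word+2 digits+symbol)":
            math.log2(50_000) + math.log2(100) + math.log2(32),
        "6 random Diceware words": entropy_bits(DICEWARE_WORDS, 6),
    }
    return {name: (bits, expected_crack_seconds(bits))
            for name, bits in formats.items()}


def _human(seconds: float) -> str:
    """Rough human-readable duration for the report."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    for name, (bits, secs) in compare_formats().items():
        print(f"{name:42s} {bits:6.1f} bits  ~{_human(secs)}")
    target = 80
    print(f"\nTo reach {target} bits you need "
          f"{length_for_bits(PRINTABLE_ASCII, target)} random characters, "
          f"or {length_for_bits(DICEWARE_WORDS, target)} random Diceware words.")
```

The last two lines of the report are the dilemma in miniature: the same 80-bit target needs 13 random printable characters but only 7 random words, and the "memorable pattern" that people actually produce unaided falls to a guessing attack in well under a second at the assumed rate. Either way, a secret strong enough to resist guessing is one the user is likely to forget, which is why the paper turns to storage.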

4.2 Formats.

4.21 Digital

4.211 fixed
- for the purposes of this paper 'fixed' shall refer to hard drives.

4.212 removable
- floppy drives
- CD-ROM (RW)
- USB drive
- tape

4.22 Hardcopy

For the purposes of this paper 'hardcopy' shall refer to at least one printed version of the password and associated account information.

4.3 Recommendations.

4.31 General recommendations.