How many times have you been told that you need to use secure passwords? This includes using uppercase and lowercase letters, numbers and symbols. You are told to make your password hard to guess, lengthy and to not write it down. Further, you should not use the same password on multiple sites, but keep them all separate.
Now, ask yourself this question seriously: Do I do this?
I did not. Then I started seeing close friends' and family members' Twitter, Facebook and Google accounts hacked. It was a sharp lesson for them to use strong passwords, and motivated me to get my passwords in order as I should. Unfortunately, this is a royal pain in the rear. I probably use a dozen services on the web regularly, not to mention my operating system accounts for work and home. My list of passwords is quite lengthy. Is there a way to keep them straight?
Fortunately, there is. Welcome to http://passwordcard.org. The idea is simple: generate a password card that has your passwords printed on the card IN PLAIN TEXT. Carry the card with you in your wallet or purse, and you have access to strong passwords for every account you have, and should an attacker get access to your card, there are practically infinite possibilities that your password could be. There is a catch, though.

As you can see in the screenshot, there are 8 colored rows and 29 columns with various symbols across the top. On the site, you enter a number (a hexadecimal number actually) to generate your unique card. You can decide whether or not to include symbols and to have an area with only numbers. After generating your card, print it out, laminate it, and stuff it in your wallet/purse. Now, when creating new accounts, choose a password starting from a certain column and row, and going 8/10/etc. characters from there. For example, maybe you have a Facebook account. You could start at the smiley column on the dark blue line, and move 10 characters to the right (in this screenshot, that would be: X#szN#g2e5). This would be your Facebook password. Of course, all you need to remember is the
Of course, you can travel any direction on the card that you wish. Maybe you want to go down, right, left or up. Maybe you want to travel in a diagonal fashion, maybe even rebounding off the walls at 90-degree angles. Swirl out or in. Not only direction, but length as well. Rather than a static 8 or 10 characters, maybe the length of your password is at least 10 characters or including 3 symbols, whichever is most. You get the idea. It is probably best to keep the travel direction and password length the same for all passwords, so you do not have to remember too much. After all, we want this secure, but we want it easy to recall from memory as well.
So, in other words, all you need to remember is:
* The hexadecimal number that generated your card (in case you need to regenerate it).
* The starting point (symbol and color) for your password.
* The directional path the password takes.
* The password length.
* Your wallet/purse.
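The scheme summarised in the list above, as an added Python example that is not part of the original post and is not PasswordCard's own algorithm: it expands a hexadecimal seed into an 8 x 29 grid, reads a password along a chosen path, and counts how many straight-line paths a given card offers. The SHAKE-256 expansion, the letters-and-digits alphabet, numeric row and column indices in place of colors and symbols, wrap-around at the card edges and the 8 to 16 length range are all assumptions.

```python
import hashlib
import string

ROWS, COLS = 8, 29                      # card size given in the post
ALPHABET = string.ascii_letters + string.digits  # assumed: symbols turned off
# The eight straight-line directions as (row step, column step).
DIRECTIONS = {"right": (0, 1), "left": (0, -1), "down": (1, 0), "up": (-1, 0),
              "down-right": (1, 1), "down-left": (1, -1),
              "up-right": (-1, 1), "up-left": (-1, -1)}


def generate_card(seed_hex):
    """Expand a hexadecimal seed into a ROWS x COLS grid, deterministically."""
    seed = format(int(seed_hex, 16), "x").encode()   # validates and normalises
    stream = hashlib.shake_256(seed).digest(4 * ROWS * COLS)
    limit = 256 - 256 % len(ALPHABET)   # rejection sampling avoids modulo bias
    chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
    if len(chars) < ROWS * COLS:
        raise RuntimeError("stream too short")
    return ["".join(chars[r * COLS:(r + 1) * COLS]) for r in range(ROWS)]


def read_password(card, row, col, direction, length):
    """Read `length` characters from (row, col), wrapping at the card edges."""
    d_row, d_col = DIRECTIONS[direction]
    return "".join(card[(row + i * d_row) % ROWS][(col + i * d_col) % COLS]
                   for i in range(length))


def path_space(lengths):
    """Count (start, direction, length) choices for straight-line paths."""
    return ROWS * COLS * len(DIRECTIONS) * len(lengths)


if __name__ == "__main__":
    card = generate_card("1a2b3c4d5e6f7788")         # constructed seed
    print("\n".join(card))
    print(read_password(card, row=3, col=5, direction="right", length=10))
    print(path_space(range(8, 17)))                  # 8 * 29 * 8 * 9 = 16704
```

The same seed always reproduces the same card, which is what makes regeneration after a loss possible. If the card itself is lost, the secret starting point, direction and length are the only protection left, so account lockout or rate limiting on the services involved still matters.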
Now, at this point, you can change all the account passwords that you have. Google, Yahoo!, Twitter, Facebook, OpenID, your Windows/Mac/Ubuntu system password, etc. I have done this with all my accounts that I commonly access. I admit that it is a bit of a pain to pull out the card from my wallet a lot when logging into various accounts. However, as I continue to log in, I begin memorizing the password, and it becomes less of an issue. I have already memorized a few of them.
Because your wallet/purse is likely the most tracked item in your possession, minus maybe your kids, it makes sense to put your password card in it. It is secure. Further, you can access the site via secure HTTP, and they have a mobile site for Android/iPhone/Blackberry phones.
Now, as awesome as this is, I have a couple gripes:
1. I do not like that I must use a hexadecimal number to generate the unique card. I do not understand why any string of text would not work. The hexadecimal requirement is perplexing to me.
2. Further, I live in India, and when including symbols in the output, the Rupee, Dollar and Euro symbols are included in the output (as you can see above). I do not have immediate access to those symbols on my keyboard, as they are not universal. So, it took a bit to generate a card for me that did not include those symbols in the output.
3. Lastly, this service is not Free Software, i.e. the code for generating the card has not been released. I imagine this would be rather trivial to code in Python or similar, but for the time being, it's Software as a Service. I am okay with that.
I have been using this for my passwords for a few months now, and I love it. I have shown my friends, and it has generated good discussion. It is not a big deal for me to pull out the card, type in my password, and move on. If you are skeptical, give it a shot on one of your accounts, and see how it works. If you like it, move on to using more accounts. I think you will find it is worth it.