Summary: The password card is a simple tool to generate [generaly short] passwords and to have them on hand even when away from your computer or device, assuming you have your wallet.
Password Card, a slightly different way to generate passwords and then take them with you...
BLOT: (18 Feb 2014 - 09:03:23 PM)
Password Card, a slightly different way to generate passwords and then take them with you...
While my Goodreads friends try and figure out what the fart I just posted [some explanation]; I'd like to point you towards another flatulent sound echoing around the web: Kickstarter was hacked, and while your payment details are safe, your passwords aren't. And if you are wondering why anyone cares about how much you pledged towards a 3D printer that makes teddy-bears1, it is important to note that getting access to any account, with personal information and confirmed password schemes and a bit more insight into your online psychological make-up, is enough to start cracking all of your other accounts. Just ask the old owner of @N, whose story seems to be less than unique. And if you can't be arsed to care about people having short Twitter handles stolen, such hacking chains can do much worse.
Now, there is next to nothing you can do to stop what I'll broadly call "the human factor"; as that last link says, when you order pizza you generally give enough information out over the phone to expose yourself to severe issues. My post today is more of interest to those who have cross-used passwords, especially if your account is linked to another in some way and that link might be used to crack even more accounts. As you get ready to angrily change up your passwords, again, assuming you haven't already migrated to a system like LastPass [and also assuming you aren't a member of #teamfuckit], then Password Cards might be of use to you.
See the image above for an example. What you do is you take your card, and you print it out. Then, when you need to assign a password you pick a direction, then you pick a starting place, and then you read out a certain number of digits. It it is good for 8-digit passwords in all directions, less good for longer lengths unless you interpret "up"/"down" as to mean "finish the column, then go to the left or right" since there are only 8 rows.
For example, if you I want to make my account.tld password with the above card [generated from the string "aaaaaaaaaaaaaaaa", by the way] then I might say that account.tld starts with the red smiley face, and I go from right to left, giving me the password np4KPXQN.
The potential drawbacks are obvious. The worst one is the potential of losing the card, but as long as you have back-ups or remember the card number, you can get it back. The second worst, which is just as bad, is that remembering which row/column pair can get pretty when you start talking about dozens of accounts and any method to jog the memory (e.g., pencil marks, small creases, etc) are going to reduce security.
Kind of neat, though, and has uses outside of quick password generation. You can use it to generate keys, for instance, or to generate any useful alphanumeric character or string.
1: I know of no such project being Kickstarted, but if anyone wants to take it and run with it, just name one of the stretch goals after me.
OTHER BLOTS THIS MONTH: February 2014
dickens of a blog
Written by Doug Bolden
For those wishing to get in touch, you can contact me in a number of ways
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
The longer, fuller version of this text can be found on my FAQ: "Can I Use Something I Found on the Site?".
"The hidden is greater than the seen."
