13 December 2010


Via @acrylicist, I learn about PasswordCard, a cunning little web utility that helps with the problem of remembering lots of strong unique passwords. Frustratingly, I find it almost useful. But I have some ideas for how to make it so that it would be a great solution for me, and I think a lot of other people.

PasswordCard generates a unique batch of random alphanumeric characters for you, arranged in a grid:

The idea is that you keep your PasswordCard with you, and then any time you need a password you use this proceedure, described on the PasswordCard website:

  • Pick a direction. You don't have to go from left to right to read your passwords, you can go from right to left, up or down, or even diagonally. It's probably a good idea to pick one direction though, even if you use your PasswordCard for multiple passwords.
  • Pick a password length. Eight is pretty secure and usually acceptable. Again, it's a good idea to pick one length.
  • Pick a colour and a symbol for each password. You can use one password for all your sites, but that still wouldn't be very safe. It's a good idea to at least have different passwords for very important sites, such as Internet banking sites.

So if you use 8-character passwords and read to right-to-left, and you remember that your Facebook password is “green diamond”, then you know that your Facebook password is r8tzkE5H.

It's a very clever idea, but I have a problem with it. You need to remember the color and symbol for each password you have. If you're like me, you have a lot of passwords; I would not feel confident that I will remember the mnemonic for every password I create.

But with a slight change to the design of the card, that's easy to fix:

With the grid organized this way, you can have the name of the thing for which you need a password act as the mnemonic that tells you where on the card to start. So let's say you do the first letter of the name of the site from the top list of columns, and the second letter of the name of the site from the side list of rows; that makes your Facebook password jdFQqeea. This makes your passwords a bit more exposed if someone gets hold of your card, since the key mnemonic isn't in your brain, but you could be clever about where you start: instead of the first and second letters of the site name, you could use the third and fourth ... and shift over by two from there ... and so forth.

For folks who still want to use the card the old way, I've left the colored rows.

The weird extra set of characters at the bottom of both formats of card is a seed number which will produce the PasswordCard again at the website. That way, if you write down just that seed number somewhere secure, if you lose your PasswordCard you can reproduce it exactly. But it would be nice if you could use any arbitrary key you want, that you already have memorized, and then have the option to leave that off of the card.

No comments: