How To Write Down Your Passwords Yet Remain Secure


Everyone knows that you should never write down your passwords.  But what if there was a way that allowed you to write them down and yet remain secure?

According to the people behind a service called Password Card, there is.  It works along the same lines as a couple of commercial offerings that have been around for a while, but this is free.

Here's how it works.  First, head to www.passwordcard.org and generate your own unique card.  It will look something like the one in the picture below.  Print it, laminate it, and keep it with you all the time.  

Now decide on a password length and direction.  For example, we'll decide that our passwords will be 8 characters, and use every alternate character in a horizontal direction.  Commit these 2 facts to memory and you're ready to start creating passwords that are perfectly safe to write down.

Let's say that you sign up to a new service and you need a password.  You simply choose 3$ as your password, and that's what you write down.  Using the rules we decided earlier, about 8 alternate characters in a horizontal direction, 3$ becomes 65VnK8RZ.  That's your password.

If anyone comes across your written-down 3$, it will mean nothing to them.  If they find your password card, it's useless.  And even if they find both pieces of the puzzle, they won't know the rules that link them.
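The lookup described above, written out as an added example (not code from this article or from passwordcard.org). The small card, the rejection of rules that run off its edge, and the length and step ranges in rules_that_fit are assumptions made for the example; the second function counts how many memorised rules remain possible once both the card and the written note are exposed.

```python
# Constructed sample card (NOT the card pictured in the article and not
# generated by passwordcard.org): a header row of symbols, then numbered rows.
HEADER = "#$%&*+=?@!~^:;<>"
ROWS = [
    "tR4mWq8ZbN2vKx7H",  # row 1
    "Yc9GpL3sDf6JhB5u",  # row 2
    "pH7cM2rXe9Lw4TgQ",  # row 3
    "Zk5nVd8AyS3jFu6E",  # row 4
]
# All eight reading directions as (row delta, column delta).
DIRECTIONS = [(dr, dc) for dr in (-1, 0, 1) for dc in (-1, 0, 1) if (dr, dc) != (0, 0)]


def derive(coord, length=8, step=2, direction=(0, 1)):
    """Read a password off the card.

    coord     -- the written-down note, row digit then header symbol, e.g. "3$"
    length    -- memorised password length
    step      -- 2 means "every alternate character"
    direction -- (0, 1) is horizontal, left to right
    Assumption: a rule that runs off the card edge is rejected, not wrapped.
    """
    row, col = int(coord[0]) - 1, HEADER.index(coord[1])
    chars = []
    for i in range(length):
        r = row + i * step * direction[0]
        c = col + i * step * direction[1]
        if not (0 <= r < len(ROWS) and 0 <= c < len(HEADER)):
            raise ValueError(f"{coord}: rule leaves the card after {i} characters")
        chars.append(ROWS[r][c])
    return "".join(chars)


def rules_that_fit(coord, lengths=range(6, 13), steps=(1, 2, 3)):
    """Count the (direction, step, length) rules that stay on the card from coord."""
    count = 0
    for direction in DIRECTIONS:
        for step in steps:
            for length in lengths:
                try:
                    derive(coord, length, step, direction)
                    count += 1
                except ValueError:
                    pass
    return count


if __name__ == "__main__":
    print(derive("3$"), rules_that_fit("3$"))  # Hc2X9wTQ 10
```

Whatever the card size, the count can never exceed directions × steps × lengths (8 × 3 × 7 = 168 for the ranges assumed here), so the memorised rule adds only that much secrecy when the card and the note are found together.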

This is a fairly novel, radical idea that isn't suitable for everyone.  But for some people, or for certain situations, it's a really neat solution to an age-old problem.


Comments

There's also an Android version that will allow you to carry the card in your phone. If you scan the QR code from within the app, it will sync the two cards so they're identical.

Like many of the others who've posted here, I prefer LastPass (or Keepass) to keep my passwords safe, but if I need to write some down for any reason, I can do so with no security concerns. When I create passwords, remembering strings of random characters is way beyond the capacity of my aging brain, so I find it easier to just create little blocks of characters that I can easily remember and give them code names that will mean nothing to anyone but me.

For example, let's say that your sister's initials are PDG, born on the 27th of April, and your brother's initials are MJD, born on the 6th of May, and that you all grew up at 673 Clarkson St. Your password could then be pdG30673mjD06. Your written-down code for that could be "SisClarksonBro" (without the quotes), or even SClarksonB, if that's all you need to remember what it stands for.

Using this procedure (though you can easily invent your own - and should!), you could add blocks for Dad and Mom or anyone else you choose. However, if you want to get extra uses out of fewer blocks, especially for lower importance sites where a security breach wouldn't be life-destroying, you could, using this system, keep the "Sis" and "Bro" blocks, but vary the middle one (or the first or last, as you choose). For example, if your best friend Mike lives on Dogbreath Drive, your password could be pdG30DogbreathmjD06 and your written code for that could be SisMikeStBro or SMikeStB. If you do a series of these and can remember the constant bits, all you have to write down is your middle block (or whichever block you vary), so your written-down password list would look like:

Site 1: Clarkson
Site 2: MikeSt
(Etc.)

Also, please remember that you're not limited to only three blocks in a password (longer is always better), nor do you have to only vary one block. It's important to make up your own system [this is not the one I use, which is of course Top Secret, but just an example I made up for this post], with the key point being to use character blocks you can easily remember because they have meaning to you, and for which you can have a simple code that will jog your memory, but no one else's.

There you have it, a written-down list of password codes that are meaningful only to you and will be utterly useless to anyone who might find your list.

Hope that helps.

Thanks for the idea. I love it!! I have several social accounts and I can now create completely different passwords for each one with your method. Clever indeed.

Cheers

G.O.

Wow. I really am at the low end of the food chain. How do I enter any of those special characters on the top line?

Oops. Of course. I don't have to enter those, just write down some approximation as a reminder.

You don't enter anything from the top line; those are the characters which are used as coordinates of the starting point of the password. For example, if you use 3$ as your starting point, you start with the character in the 3rd row under the $ sign.

Thanks for the rapid response. I almost immediately amended my question to indicate I realized that. Just need the coordinates to designate a starting point.

Maybe I'm reading this incorrectly. I have 164 passwords that, for the most part, are unique. Using the grid above - how am I supposed to remember the code to get at all these passwords?

I use LastPass for my password keeper. The program does, among other things, generate a password for me to use. You can tweak this if you want, but I now have all my passwords securely stored in this application.

Since all my drives also are encrypted, it would be hard pressed for someone to get through all that security.

Oooops! Did someone get through that security? Try to find the Excel spreadsheet that I have all my passwords entered. The name of the file is so bizarre that one wouldn't even think of opening that one for my passwords.

Someone found the file? They can't open it without a password. They did that too? Send that person my way and I'll hire him/her.

I only need to know about ten userids and passwords that are stored in LastPass, but come into play prior to Lastpass being made active.

Good idea,
But what about those visually impaired? They can't physically write things down; me included. Using Keepass is a good idea, but if they, like me, have long passwords and they need to show the actual password to let screen readers read to them, then that's not safe, since everyone in the room can hear the actual password being read out loud.

We sighted people forget that there are those without good sight or being able to write down things. I used to be in the IT department of a hospital and met a blind lady who could outtype the other people in medical records. She was fantastic.
Here's an idea. I used to be able to write down Pi to 108 places. Crazy Geek. Big deal, I know, but I am sighted and I can do it. Why not ask the blind person, Mrs. Smith, to remember Pi=3.14159265358979... (or e=2.718281828459045...) and then start at the "n"th digit in their minds (say they choose 4, or the 4th, for that website) and do 8 digits for all passwords, then finish with their last name spelled out, but reversed.
So if the user can remember Pi and 4 in their heads and their last name is SMITH, then a password for them can be 15926536htims$ The $ is also the fourth character on the top row of the keyboard. They remember only 4 for a website and they have a 14 character Password. You would be surprised what blind people can remember. Just sayin'

I use a secure way of having passwords and I got the program for another reason, but found a few more things that it can do. The paid version is even more powerful.
Start with KingSoft and it will guide you to the other programs. I had installed Foxit first and it did not integrate it. So I uninstalled it and installed KingSoft first.
With KingSoft Office Suite http://www.kingsoftstore.com/ you password the master document and you can do it in two layers. You can also export it to a PDF file and use another program that I found for free here. Foxit is great and even better than Adobe Reader. Foxit Office Suite = KingSoft Office Suite + Foxit Reader??!! So if you go to http://www.foxitsoftware.com/ you can acquire even more knowledge.
The great thing about these programs is their updates. You have both Desktop standalone and plugins for all browsers.
Check the http://www.techsupportalert.com/freeware-forum/ and you can learn more. To get to the subject directly use the search box on top of this article.
All you have to do is write a doc file and on the web press Ctrl+K and link the webpage to your document. Export it to a PDF, save it as HTML, or make several category cards and insert them into the document. Even make a spreadsheet or database form with the information. Unlimited self expression and creative ideas.

I am lost here. I do not see where 3$ can translate to that password. And I do not see where the various colors come in. Not a good explanation on PasswordCard.org

I'm not sure how safe that is. If someone got ahold of the card and the password starting coordinates (e.g. 3$), they could try various combinations of skip numbers and password lengths, and in most cases be able to crack the password in less than an hour. So to work, you would have to keep the coordinate key far from the card. Also the process could be automated, and a program could be written to try out various options just having the card alone. I think I'll stick with LastPass (or KeyPass if you prefer). My base password is random and long. I've used it since DOS days in the 80s and I periodically add a phone number as the need for longer passwords arises. If I had to make a card, I could make a hint such as pw + current # + fred's # + childhood # (Where fred's might be a son's or a brother's number I call regularly, and my childhood number would only be known to me and a few close friends and relatives)

I may be dense or sight-impaired, but I can't find the characters "3$" anywhere in your sample. Separately, yes, but together, no. How can I follow your instructions if I can't even find the entry point to the goal? What am I missing?

Go across the very top row to the $. Then straight down to row 3. That's your starting point. But whoever wrote the article missed a skip. The password should be 65VnKA2L.

The password error in the article points out a danger in this system. What if you create a password and make an error, as happened to the author? Wouldn't that be fun.

Frank D,

The card is an encryption tool, itself. The small, left-most column holds the vertical line numbers and the small top-most line holds the horizontal column headings. Find the point where the "3" and the "$" intersect, and that is the first character of your password. Then, follow your own designated rules (every other character, horizontal, and the number of characters you choose to use) to discover your password. By the way, the last few characters in the example are incorrect.

To all who replied: Thank you, I get it now.

Much better than what most of my friends and relatives (that I help) use. I find it difficult to convince them to at least use a good password for the important sites. Another problem is to get them to save a copy of their passwords for when I need to fix something.

Most find Keepass too "complicated" though I sneak a copy on their PC for my use. Passwordcard might be OK if they write down the two character code somewhere (memory is a beautiful thing, but it fades with time) and don't lose the card. :-)

It might work for some, but I don't see how this is super-handy for the ones who need it most- oldies?

Even remembering their own rule is an issue- lol. You're also talking about carrying a physical card + pen + another piece of paper or pad to write down your "code name", at all times.

I'd rather they learn to use Keepass or Lastpass on a daily basis- no little cards to carry or to try to see. At least then they can give their master password to a relative or friend in the event they forget it.

I hear you, Geekomatic, and I am an oldie at 69 yrs old. I use Keepass. I Love it, but I am a Geek. My wife is not and my daughter, the teacher, is not.

I would envision the chart being scotch-taped to the front of the LCD Screen so it's right there. I would envision a 50cent scratchpad nearby or in the bedroom in the sock drawer that contains the 2 symbols to use with the website on screen. I can remember 3$ for 15 feet while I toddle to my PC. Then I type the password in by reading the chart. That's easy too. A person would not carry the card but have another one in the console of your car should you be on vacation and need to carry it in to your room if you had a laptop.

Just sayin' I am not right for all, and you are not wrong at all. I just wanted to suggest another scenario.

Excellent article. Should be mandatory for everyone to use.

A good idea Robert. Isn't it 65VnKA2L if the 2 facts apply for 3$?

Sharp minds think alike :)

What a nice way to have quality passwords that remain safe.