So I’ve been looking around the internet for different things recently, using StumbleUpon, which if you haven’t used before, I have to say, is a great waste of time. But one of the things I’ve been noticing is when it comes to security, and especially passwords, is that it’s not as good as people think it might be. For example: I came across an article that claimed that researchers have cracked 768-RSA signed and encrypted datastreams, which if you don’t want to read the article, was expected to last upwards of 1,500 years. Stuff like this kinda shakes my believe in using encryption due to the fact that I remember hearing last year WPA-Personal and WPA-Enterprise, version 1, was cracked in under a minute. Now what I’m doing by letting you all know this, is not trying to scare you, but trying to inform you of what is going on in the security world. And while I could post on the factions, I’ll leave that up to a forum post, seeing as it’s not important. However, I have also found recently some interesting ideas for generating passwords: a tool that’s called Password Cards… and it’s just a printer away from you.
Basically, a password card is what it sounds like, and that would be every Security Tech’s nightmare: a piece of paper with passwords on it. But before you shoot me down in flight, I suggest you look below and try to figure out what they are if I handed you one off the street.
I don’t think you’d be expecting them to be my passwords.
I know this idea seems contrary to the popular belief of providing a strong password and keeping it in your head, but think about it: how many people do you know of that have only one account to log into? I’ve got my Linux partition on my laptop along with the Windows one, Raymond.cc’s forum as well as the blog, my hotmail account, my GMX account, my banking site… right there, with one strong password apiece, I’m looking at seven different passwords to keep straight in my mind. And as much as people you can have a good memory for this kind of stuff, I unfortunately, do not. I’ll give you an example of how bad it is: up until last year, you could get into any of my accounts by using the password ‘adobe1234‘. Since this is no longer the case, you can’t get into my accounts… but that proves the needs for these password cards: to help people use stronger passwords that are harder to break into, thus preventing weak passwords from being used. From there, we can all deal with the social engineering though better training. With these password cards, we can choose a letter and a number, or in the case of Your PasswordCard, a colour, a number, and a character… but it’s much easier to remember ‘green2heart’ then it is to remember a full password for all these different sites, or at least it is for me.
While I wouldn’t suggest something like this for sensitive sites, such as banking, I’d recommend it to those of us whom have a hard time trying to remember passwords for our many many sites. I’ve tried it myself for my email accounts and for my Raymond.cc forum account, and if you can’t tell, haven’t lost anything yet. The only flaw to these cards is if you loose them, you’ve lost your passwords… though Your PasswordCard has a 16 character string to bring back a copy of your card.
From what I’ve seen across the net, at present, there are two services that do this. One is offered by the creators of Shields Up!, the Gibson Research Corporation and is meant more for disposable passwords. It can be found here and is completely customizable to how you see fit, adding more or less security. The other option, Your PasswordCard is meant for more permanent passwords and accounts. I’d suggest you follow exactly what each site suggests and make sure to keep the password cards on your person, rather then leaving them lying around. Other then that, like I’ve said before, this is just one more option to help secure your computers and your accounts, and should be part of a layered regiment anyone should follow.