
Perfect Passwords… On Paper!


Steve Gibson, creator of SpinRite and winner of the Third Annual People’s Choice Podcast Awards in the Technology/Science category for his Security Now! podcast with Leo Laporte of Twit.tv, has just come up with a super-secure multifactor authentication system. Steve calls it “Perfect Paper Passwords” and you can read all about it on his web site. Be sure to read all of the pages, but beware — it’s pretty geeky stuff. Here’s a simple excerpt:

GRC’s “Perfect Paper Passwords” (PPP) system is a straightforward, simple and secure implementation of a paper-based One Time Password (OTP) system. When used in conjunction with an account name & password, the individual “passcodes” contained on PPP’s “passcards” serve as the second factor (“something you have”) of a secure multi-factor authentication system.

I feel like a kid turned loose in Toys-R-Us with a thousand-dollar budget. This is truly an amazing system and I’m just now starting to figure out how to implement it in my own environment. But using it as Steve designed it isn’t the subject of this post. Most network environments are still based on the username/password model, not a multi-factor authentication model. Until the PPP system becomes a standard (and it should!), why not use the passcards to create super-strong passwords?

I know, I know, he already has the Ultra-high Security Password Generator and I’ve been using that, but the idea of breaking long strings of characters into simple, four-character snippets makes things a bit simpler and it also allows you to take some control over generating your passwords. It adds another random factor into the mix by letting you choose the order of combination, something no computer or person anywhere can possibly know. Putting them into a grid of seven columns by ten rows, in a format that you can fold and stick in your wallet, makes it even easier.

Using the web site, you print out three passcards, each containing 70 four-character passcodes for a total of 210. Now, if you randomly combine three passcodes to make virtually unbreakable 12-character passwords, you’ll have a resource of 70 passwords right at your fingertips. Circle the ones you’re using for your current password and cross them out when you change it. Better yet, write down the columns/rows and keep that separate from your passcards. No one’s going to know that A1F4D10 translates into Cai?DCGX@xBt, but you do.
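The coordinate scheme above, sketched as an added example (not code from this post or from GRC). It assumes a 64-symbol alphabet, that the i-th coordinate in a note like A1F4D10 is looked up on the i-th card, and it fills the cards with locally generated random passcodes as a stand-in for printed passcards; it also compares how much an attacker has to guess with and without a copy of the cards.

```python
import math
import re
import secrets
import string

# Assumption: a 64-symbol alphabet, so each 4-character passcode holds 24 bits.
ALPHABET = string.ascii_letters + string.digits + "@?"
COLS, ROWS = "ABCDEFG", 10          # 7 x 10 = 70 passcodes per card

def make_card():
    """Constructed stand-in for one printed passcard (not GRC's generator)."""
    return {(c, r): "".join(secrets.choice(ALPHABET) for _ in range(4))
            for c in COLS for r in range(1, ROWS + 1)}

def parse_coords(note):
    """Split a note such as 'A1F4D10' into [('A', 1), ('F', 4), ('D', 10)]."""
    if not re.fullmatch(r"(?:[A-G](?:10|[1-9])){3}", note):
        raise ValueError("expected three cells, columns A-G and rows 1-10")
    return [(c, int(r)) for c, r in re.findall(r"([A-G])(10|[1-9])", note)]

def password_from(cards, note):
    """Assumption: the i-th coordinate is looked up on the i-th card."""
    return "".join(card[cell] for card, cell in zip(cards, parse_coords(note)))

def guess_space_bits(cards_known):
    """log2 of the candidates an attacker must try, under the assumptions above."""
    if cards_known:                        # only the three cell choices are secret
        return math.log2((len(COLS) * ROWS) ** 3)
    return math.log2(len(ALPHABET) ** 12)  # cards secret: 12 random symbols

if __name__ == "__main__":
    cards = [make_card() for _ in range(3)]
    print(password_from(cards, "A1F4D10"))
    print(round(guess_space_bits(False), 1), "bits while the cards stay private")
    print(round(guess_space_bits(True), 1), "bits if the cards are copied")
```

Under these assumptions the choice of cells hides only about 18 bits, so the strength of the password rests on keeping the cards themselves private, which is why the coordinate note and the cards belong in separate places.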

Cheers!
The Geek

Kenny “The Geek” Harthun has been playing with geeky stuff since 1965. He’s a former research scientist and Microsoft Certified Systems Engineer at Connective Computing, Inc. and loves to learn about anything and everything.
