Your Randomly Generated Password Grid

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Refresh to get a new random grid.

What? How does it work?

There are lots of different ways to use a password grid. The most common is to pick a pattern in a small grid and walk it for a total of 8-16 characters. People often create a new grid for every meaningful password (i.e., one grid for your bank, one for your online stock account, one for your production web server account, etc.).

That might be a little overkill for most people, especially for 16-character passwords (that's a lot of typing and grid reference!), so let's see if we can find an easier method that will still give us a measure of safety from dictionary attacks. You'll notice that this grid has letters and numbers on its axes: the alphabet along the top and 0-9 on the left. We're going to use that to make a simple, difficult-to-crack password scheme:

  1. Print a few copies of your grid. This is important even if you generated it with a phrase. You might lose it, and the site might not be around anymore to re-generate your grid.
  2. Choose a length for your passwords; 8 is normally good enough for most needs (62^8 is a big number: 218,340,105,584,896, in case you were curious).
  3. Choose a way to find the start point for your password.
  4. Choose a simple pattern to follow to get your 8 characters. It doesn't really matter what it is: someone will have to have your card AND the pattern AND the starting point to determine your password, so keep it simple.
  5. Combine the steps into a password.

That's the general case -- does it make sense? Let's try with a real world example for facebook.com:

  1. Let's go with 8 characters for our password. If you want more, you'll just have to accept that it'll take a while to memorize and type (we are talking about random letters here).
  2. Facebook starts with the letter F and has 8 characters, so we're going to use (F, 8) as the start of our pattern. Nice and simple.
  3. To keep the pattern simple, let's go with 4 characters to the right and 4 characters down.
  4. Put the pattern into action:
    1. Go to F,8 in the random sample above.
    2. Grab four characters moving right, starting with that one: {(F,8), (G,8), (H,8), (I,8)}
    3. Now grab the four characters below that, wrapping from row 9 back to row 0: {(I,9), (I,0), (I,1), (I,2)}

Simple and repeatable. Print out a new card every 3-6 months and swap all your passwords.

Just tape the grid to your computer and keep a copy in your wallet. Even if someone has access to the card, they don't know the patterns that you use, so there's not much that they can do with it.

Password Grid FAQ

Why?

Because you can't make a good password.

This is hard, can I use a shorter password?

Yes, but see the above question. You may place a passphrase inside of your generated password (passwords inside of passwords!). You'll be making yourself slightly more vulnerable, but with the extra characters you can now make the generated part of your password shorter. In the example above you could use "mYpAsSw0rD" and then toss 4 of the random characters on the end or beginning or in the middle. Honestly, you should do this anyway; the more characters the better. Consider a phrase like, oh, I don't know... maybe "CorrectHorseBatteryStaple".

Fidelity and Facebook are the same number of characters and both start with F, handle THAT!

What, do I need to solve all of your problems for you? Print two copies and mark one "Banks and important crap" and mark the other one "Everything else". Or place a different passphrase within the generated passphrase, like "Bank" for banks.

http://www.thedailyworsethanfailure.com/ is 24 characters, that is more than 9. What do I do?

You see 24, I see 4. Wrap it around (software people call it the Modulus operation).

Wait wait wait, print a new one every 3-6 months?

Yes. If you're springing forward or backwards, change your passwords (yeah, I just thought that up... no, I know it doesn't quite work, but whatever).

How random is this?

Fairly. Take a look at the source if you're curious. It uses JavaScript, so it is all there. It doesn't use a cryptographic random number generator or anything fancy, but if you just want to add some entropy to a passphrase that makes it different for every site, then this will suffice.
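The Facebook walk and the wrap-around rule from the FAQ, written out as an added example; this is not the page's own source. It draws the grid from the Web Crypto CSPRNG rather than a non-cryptographic generator. The function names, the 62-symbol alphabet (taken from the 62^8 figure above) and passing the site name without "www." or ".com" are assumptions.

```javascript
// Added example, not the page's generator; all names here are illustrative.
const COLS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';                // top axis
const ROWS = 10;                                          // left axis, 0-9
const SYMBOLS = COLS + COLS.toLowerCase() + '0123456789'; // 62 symbols

// Default byte source: the Web Crypto CSPRNG (browsers, recent Node.js).
const cryptoBytes = (n) => globalThis.crypto.getRandomValues(new Uint8Array(n));

// Build a ROWS x 26 grid. Bytes >= 248 are rejected so that
// byte % 62 is uniform (248 = 4 * 62); plain byte % 62 would be biased.
function generateGrid(randomBytes = cryptoBytes) {
  const cells = [];
  while (cells.length < ROWS * COLS.length) {
    for (const b of randomBytes(64)) {
      if (b < 248 && cells.length < ROWS * COLS.length) cells.push(SYMBOLS[b % 62]);
    }
  }
  const grid = [];
  for (let r = 0; r < ROWS; r++) {
    grid.push(cells.slice(r * COLS.length, (r + 1) * COLS.length).join(''));
  }
  return grid; // index as grid[row][column]
}

// Start point as in the Facebook example: column = first letter of the
// name, row = name length wrapped onto 0-9 (the FAQ's "24 becomes 4").
function startPoint(name) {
  const col = COLS.indexOf(name[0].toUpperCase());
  if (col < 0) throw new Error('name must start with a letter A-Z');
  return { col, row: name.length % ROWS };
}

// Take `right` cells moving right (start cell included), then `down`
// cells below the last one, wrapping at both edges of the grid.
function walk(grid, name, right = 4, down = 4) {
  let { col, row } = startPoint(name);
  let out = '';
  for (let i = 0; i < right; i++) {
    if (i > 0) col = (col + 1) % COLS.length;
    out += grid[row][col];
  }
  for (let i = 0; i < down; i++) {
    row = (row + 1) % ROWS;
    out += grid[row][col];
  }
  return out;
}
```

`walk(generateGrid(), 'facebook')` reads the cells (F,8) through (I,8) and then (I,9), (I,0), (I,1), (I,2), the same path as the worked example.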

What do you do with this data?

There are no tracking scripts on this page and the grid is generated on the client via JavaScript. If your computer is not compromised, then this data goes nowhere.