There are lots of different ways to use a password grid. The most common is to pick a pattern in a small grid and walk it for a total of 8-16 characters. People often create a new grid for every meaningful password (i.e., one grid for your bank, one for your online stock account, one for your production web server account, etc.).
That might be a little overkill for most people, especially for 16-character passwords -- that's a lot of typing and grid reference! -- so let's see if we can find an easier method that will still give us a measure of safety from dictionary attacks. You'll notice that this grid has letters and numbers on the axes: the alphabet along the top, 0-9 on the left. We're going to use that to make a simple, difficult-to-crack password scheme:
That's the general case -- does it make sense? Let's try with a real-world example for facebook.com:
Simple and repeatable. Print out a new card every 3-6 months and swap all your passwords.
Just tape the grid to your computer and keep a copy in your wallet. Even if someone has access to the card, they don't know the patterns that you use, so there's not much that they can do with it.
Why?
Because you can't make a good password.
This is hard, can I use a shorter password?
Yes, but see the above question. You may place a passphrase inside of your generated password (passwords inside of passwords!). You'll be making yourself slightly more vulnerable, but with the extra characters you can now make the generated part of your password shorter. In the example above you could use "mYpAsSw0rD" and then toss 4 of the random characters on the end or beginning or in the middle. Honestly you should do this anyway; the more characters the better. Consider a phrase like, oh, I don't know... maybe "CorrectHorseBatteryStaple"
Fidelity and Facebook are the same number of characters and both start with F, handle THAT!
What, do I need to solve all of your problems for you? Print two copies and mark one "Banks and important crap" and mark the other one "Everything else". Or place a different passphrase within the generated passphrase, like "Bank" for banks.
http://www.thedailyworsethanfailure.com/ is 24 characters, that is more than 9. What do I do?
You see 24, I see 4. Wrap it around (software people call it the modulo operation).
Wait wait wait, print a new one every 3-6 months?
Yes. If you're springing forward or backwards, change your passwords (yeah, I just thought that up... no I know it doesn't quite work, but whatever).
How random is this?
Fairly. Take a look at the source if you're curious. It uses JavaScript, so it is all there. It doesn't use a cryptographic random number generator or anything fancy, but if you just want to add some entropy to a passphrase that makes it different for every site, then this will suffice.
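An added example, not this page's own script: a JavaScript sketch that fills the grid from the platform CSPRNG (crypto.getRandomValues) rather than a non-cryptographic generator, and finds the starting cell using the wrap-around from the 24-character question above. The character set, the function names, and the straight-line walk that stands in for your private pattern are assumptions.

```javascript
// Added example; charset, names and the straight-line walk are assumptions.
// Browsers expose crypto.getRandomValues directly; the fallback is for Node.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const COLS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; // alphabet along the top
const ROWS = 10;                           // 0-9 down the left
const CHARSET = COLS + COLS.toLowerCase() + "0123456789" + "!@#$%^&*";

// Uniform index in [0, n) for n <= 256, by rejection sampling. A plain
// `byte % n` would favour low indices whenever 256 is not a multiple of n.
function randomIndex(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// 10 rows x 26 columns, every cell drawn independently from CHARSET.
function makeGrid() {
  return Array.from({ length: ROWS }, () =>
    Array.from({ length: COLS.length }, () => CHARSET[randomIndex(CHARSET.length)]));
}

// Start cell for a bare site name such as "facebook": column is the first
// letter, row is the name length wrapped into 0-9 (24 characters -> row 4).
function startCell(siteName) {
  const name = siteName.trim().toUpperCase();
  const col = COLS.indexOf(name[0]);
  if (name.length === 0 || col < 0) throw new Error("name must start with a letter");
  return { col, row: name.length % ROWS };
}

// Read `count` cells from the start, stepping (dRow, dCol) each time and
// wrapping at the edges. The step stands in for the user's private pattern.
function walk(grid, start, dRow, dCol, count) {
  const wrap = (v, n) => ((v % n) + n) % n;
  let out = "";
  for (let i = 0; i < count; i++) {
    out += grid[wrap(start.row + i * dRow, ROWS)][wrap(start.col + i * dCol, COLS.length)];
  }
  return out;
}

// Usage: a fresh grid, then 12 characters walking diagonally from the cell.
const demoGrid = makeGrid();
console.log(walk(demoGrid, startCell("facebook"), 1, 1, 12));
```

startCell("facebook") and startCell("fidelity") return the same cell, which is the collision the Fidelity question describes.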
What do you do with this data?
There are no tracking scripts on this page and the grid is generated on the client via JavaScript. If your computer is not compromised, then this data goes nowhere.