[_] 1Password alternative

Rob Stapenhurst rob at meanline.co.uk
Thu May 30 11:22:54 BST 2013

> Instead, how about a grid of random characters printed on a
> wallet-sized card, and software that tells you what grid coordinates
> and direction to use to get the password for a given site?

For a while I had a system which involved keeping encrypted good passwords
(15+ random characters (is that still considered good?!)) in an easily
accessible place on the internet. It was a sort of Caesar cipher with a few
tweaks which was simple enough to decrypt with a pen and paper, the idea
being that I could decipher these without requiring access to any
particular piece of software. Unfortunately, 3 minutes of scribbling on an
envelope is too much when you just want to check your bank balance; in the
end I had a desk full of post-its containing plaintext passwords. Not good.

Now, where long passwords are permitted, I use a phrase with some simple
rules governing capitalisation and insertion of non-alphanumeric
characters. The phrase is generally a noun and a few adjectives. I have a
large image file containing sketches of each of these objects and an
indication of the site or service to which they pertain. This can be synced
across machines, saved in the cloud or printed off. The inept scribble
which immediately reminds me of "contemplative recumbent Harrison" will
have no meaning to anyone else who sees it.

I'm pretty satisfied with this system: it doesn't require specialist
software, the text descriptions of the images are easy to remember because
of their absurdity, and the resulting passwords are strong by most metrics.
The main problem is that they tend to be rather long and tedious to type,
but that's pretty much a necessity these days. It also doesn't address the
issue of keyloggers on untrusted machines, something which KeePass makes a
reasonable go at.

Rob


On 30 May 2013 10:42, Tom Gidden <tom at gidden.net> wrote:

>
> On 30 May 2013, at 09:51, Tim Wintle <timwintle at gmail.com> wrote:
>
> > On Thu, 2013-05-30 at 07:08 +0100, Tom Gidden wrote:
> >>
> >> More I think about it, the more this book thing makes sense to me.
> >
> > Agreed.
>
> I just found myself looking in Amazon for a cheap Filofax. :O
>
> Seems to me it's ideal... too big (in this day and age) to tempt me into
> taking it anywhere; relatively unobtrusive on a desk; already has A-Z tabs
> available; replaceable and removable pages; plus the ability to add printed
> pages, like a random letter grid and neat printouts of my existing
> passwords which could be built as PDFs from my existing password manager.
>
> Downside: they're relatively expensive, and owning a Filofax nowadays
> seems to me to be a diabolical blend of hipster and yuppie throwback.
>
>
> With regards to the card thing, I noticed http://www.rainbowcards.org/ and
> http://www.passwordcard.org/en , neither of which seem to be particularly
> well-done to me. I've also come up with nothing when searching for one-off
> or very short runs of metal-etched wallet cards.
>
> Hrmm.
>
> Tom
> --
> underscore_ list info/archive ->
> http://www.under-score.org.uk/mailman/listinfo/underscore
>