Remembering Passwords with Password Grids

October 23, 2006

Edit: I was contacted by *the* guy, Mike, who invented the password grids; see his comments below. He has republished his article here: http://www.vvsss.com/grid/ I recommend reading it first!

If you are really paranoid like I am then you have a different password for every computer login and Internet site you subscribe to. Hopefully you are not one of the many people out there that use the same password for *everything*. That’s just begging to get your identity stolen.

For years I’ve struggled to come up with the perfect way to keep track of all of my 100+ passwords. Years ago I tried various free and commercial password keeping products such as Passwords Plus, Splash! Wallet and MobiPassword and I never really felt comfortable using them.

Since then I’ve used a simple solution: an encrypted OpenOffice Calc (or MS Excel) spreadsheet. I encrypt the file with a master password and then put all of my login and password information in the file. This system has its own set of vulnerabilities. For example, if I put the spreadsheet on a thumb drive and lose it, some hacker with too much free time might turn cracking the file into a hobby. Another issue is that after I decrypt the spreadsheet, it sits in RAM or a swap file as plain text. Furthermore, when I had to enter my password on a website I would often copy the password to the clipboard and paste it into the web form, and the clipboard makes my password available to any other program to read.

I know this sounds like an overly paranoid PITA, but that’s what I did. Until now. I’ve decided to take a more low-tech approach to remembering passwords. I found a web page about password grids years ago and thought it was a neat idea. I wish I could find a link to the site but Google is failing me now. The closest thing I could find was a comment about it on this site. I never really adopted the system before because it seemed a bit silly at the time. After trying all of the other methods and not liking any of them, I’ve decided to give the grids a try. And so far I like them!

The basic idea behind password grids is simple. Think of an easy-to-remember but hard-to-guess pattern on an 8×8 grid. For example, here’s a very simple pattern, the letter F:

+-------------------------------+
|   |   |   |   |   |   |   |   |
|---+---+---+---+---+---+---+---|
|   |   |   |   |   |   |   |   |
|---+---+---+---+---+---+---+---|
|   | 1 | 6 | 7 |   |   |   |   |
|---+---+---+---+---+---+---+---|
|   | 2 |   |   |   |   |   |   |
|---+---+---+---+---+---+---+---|
|   | 3 | 8 |   |   |   |   |   |
|---+---+---+---+---+---+---+---|
|   | 4 |   |   |   |   |   |   |
|---+---+---+---+---+---+---+---|
|   | 5 |   |   |   |   |   |   |
|---+---+---+---+---+---+---+---|
|   |   |   |   |   |   |   |   |
+-------------------------------+

The pattern starts with the number 1 and ends with the number 8. Now that we have a pattern, we can generate a random password grid:

+-------------------------------+
| x | ~ | d | [ | : | j | < | @ |
|---+---+---+---+---+---+---+---|
| ; | , | S | K | ` | a | f | n |
|---+---+---+---+---+---+---+---|
| f | ! | D | ! | u | 7 | 1 | A |
|---+---+---+---+---+---+---+---|
| ~ | s | V | a | 5 | N | k | v |
|---+---+---+---+---+---+---+---|
| V | 9 | | | K | | | o | y | a |
|---+---+---+---+---+---+---+---|
| K | J | H | " | s | r | ] | _ |
|---+---+---+---+---+---+---+---|
| Q | = | y | : | s | # | x | m |
|---+---+---+---+---+---+---+---|
| I | k | T | t | p | ? | T | w |
+-------------------------------+

With the random grid and the pattern we can derive the password: read off the characters in the cells the pattern visits, in order from 1 to 8. The password for this example would be “!s9J=D!|” (the fifth row of the grid contains the “|” character in its third and fifth cells, which is why that row looks odd above). Although the password is short, it is very secure. It contains upper and lower case letters, numbers and symbols, like all good passwords should! As I mentioned above, the pattern you use should be easy for you to remember but hard for others to guess. Patterns can start at any location and move backwards, forwards, diagonally, or even skip around. Edit: I’m not sure I made this clear, and it may be causing confusion: you only need to remember one pattern for all of your password grids. It would be insanely difficult to remember a different pattern for each grid.

Managing your passwords is also simple. Print out a page of random grids, one for each login you have, cut them into cards, and put them in your wallet. If someone sees a password grid, they cannot easily derive the password unless they know your pattern. If your pattern is ever discovered, your password still cannot be retrieved without the grid for that login. So it’s a double-key system: both parts are necessary to get the password. You can also carry blank grids in case you need to create a new login account while you are sipping coffee at the cyber-cafe.

I created a JavaScript program to generate the password grids. I chose JavaScript (and not Lisp) because it can generate the grids on the client side without requiring a server. It also makes printing the grids easy from the browser. Here’s a link to the program. It generates 9 password grids and lets you toggle upper/lower case letters, numbers and symbols. When printing the page, make sure you set it to shrink to fit.

If you like the system and want to use it, I recommend you save the HTML file to your local machine. I also highly recommend backing up the grids you use to a text file in case your wallet is lost.

I’m not sure how secure this system really is. With a complicated pattern it seems to me to be very secure. If anyone has an opinion I’d like to hear it.

Edit: If you have a system that works for you, that’s great. One person suggested grouping sites into high/medium/low and only memorizing the passwords for the highs. That works well when you have a small number of high-security systems. Password grids would be ideal for those high-importance passwords. I agree the password grid may be overkill for most people, but for paranoid people like me, it helps me sleep better at night ;-)