On Thu, Apr 28, 2011 at 10:58 AM, Eric Wald <[email protected]> wrote:
> On Tue, Apr 26, Aaron Toponce wrote:
>> On Tue, Apr 26, 2011 at 10:49:36AM -0600, Eric Wald wrote:
>>> Over 25,000 reasonable straight-line passwords; double that to include
>>> spirals.  Certainly within range for a dictionary attack, but it would
>>> take long enough that I could re-print the card, print a new card, and
>>> change all of my most important passwords before you're likely to have
>>> cracked even one account.

The passwordcard is just a new iteration in the evolution of one
method of password security.

Example evolution:
1. Use strong passwords to prevent dictionary/brute force attacks
2. Use different passwords for different services
3. Record your passwords so you don't have to rely on memory
4. Record them on paper in your wallet since you already have a habit
of securing your wallet
*5. Use a password card to obfuscate your password records and
encourage strong passwords

The ability to create a dictionary from a compromised passwordcard
isn't the purpose or most risky factor of the system.
It simply adds another layer of security on top of a long list of other layers.
Also, since it's physical, it's relatively easy to be alerted to its
compromise so you can change any compromised passwords.
Very akin to canceling your credit cards in case of theft.

I think the passwordcard is a great alternative to using a password
manager (LastPass, KeePass, 1Password).

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
