People have used ciphers to encode messages for ages. To decode a message you need to know a cipher and a key. A cipher is a source of letters which are used to substitute the letters in your text, and a key are the rules which use you to make the substitutions.
The authors adapted this standard encoding technique and applied it to password generation and an aid for recollecting passwords. The book contains a brief 7 page explanation of how this cipher works. It is written in a simple language which is easily understood by people who are not familiar with any encryption techniques. The rest of the book provides 104 pages which you can use to generate and keep track of your passwords. Each of 104 pages containing its own cipher and with the use of the same key (i.e. your rules) you would have a 104 different passwords. The length of the password and the position of the letters is your key. As long as you don't mark the book to expose the rules you are totally safe even if someone sees a page for a specific web site.
Once you make a commitment to his approach, you will not be able to remember your passwords without this book as they will be random strings of letters and symbols. The author of the book offers a pocket edition of the password keeper on his web site (currently $2.94 including shipping), which allows a person to keep 15 most used passwords (3 computer logins, 3 emails, 9 websites) in a wallet. The tables on the 15 pages of the pocket book match the first 3 tables for logins, the first 3 tables for emails, and the first 9 websites in the full size book. So when you create your passwords in the full size book you need to keep in mind which passwords you want to include in your pocket size guide and put them first. If you don't want to use the pocket guide, you can use a copier to copy and shrink those pages to take with you.
There are situations where this approach does not work very well. For example, several web site I use impose very strict rules on passwords. For example, some require the password to have one capital, one number, and one special character. Your key may not generate a string that follows those rules. I also ran into some website that do not allow special characters, which are included in the cipher tables, so you might not be able to use the string generated by the key. The author anticipated such situations by suggesting writing down the exception below the table, such as "replace the first character with a capital" or "replace the third character with x", which does not decrease security by much. I agree. However it makes the rules more complicated and marries you to the book even more.
This is a very secure way to generate passwords. The downside of this approach is that you become totally dependent on this book, and if you forget to take your cheat-sheet with you when you travel chances are you will not be able to get into your own accounts.
You can find this book on Amazon by following this link.
Ali Julia review ★★★☆☆
The author provided me a review copy of this book for an honest and unbiased review.
No comments:
Post a Comment