
Two-factor paper passwords - jgrahamc
http://blog.jgc.org/2016/05/two-factor-paper-passwords.html
======
crasp
Pretty neat for the older generation, until you run into one of these sites
that insist that they know how to properly do password security and require
you to have at least 1 number, at least one 'special character' (of which the
definition is often very vaguely described); it should contain at least 8
characters and also be no longer than 12.

You will soon come to the conclusion that it is still easier to teach people
to use a password manager for this, because these schemes are nice but only get
you this far before you have to revert to remembering that single password again.

~~~
reacweb
Why no longer than 12 ?

~~~
dfox
That is a valid question to ask authors of systems that do not allow passwords
longer than 12 characters (or 8, which is another popular upper limit, which
can have some vaguely meaningful technical reason for legacy systems).

~~~
zo1
Or 10, which is the maximum password length my bank requires in order to log
in to my bank account.

Oh, but they have a 4-digit pin, too! That makes it oh so much more secure.

~~~
nommm-nommm
My old bank required an exactly 5 character password.

They had two factor authentication though, with a phone call or SMS. What
happened if you forgot your password? Well you had to reset it, using only
phone call/SMS, of course!

------
jgrahamc
The first thing I tell people to do is secure their email with a good password
and two factor authentication because if that gets hacked most other stuff can
be hacked via password resets.

~~~
fredley
Your email address is your identity online - everything but everything assumes
this. I have strong passwords and 2FA on my main account. If it was hacked, an
attacker could (for example) reset my password for my national security
vetting portal account. Available on there, to anyone who has my login (no
2FA for this, obviously), are forms which detail _everything_ about me, my
partner, my parents. My total, actual identity. I am compelled to use this
service for the work that I do.

I hope neither it nor my email has any security breaches.

~~~
newjersey
Does it at least have a cool down period? Like if you try your username n
times in the last hour, you get locked out and can't try any more for m hours?

~~~
fredley
I don't know, you tell me how secure you think it might be:
[https://www.nsv.mod.uk/](https://www.nsv.mod.uk/)

~~~
jsingleton
Well, as it only supports TLS 1.0 and SSL 3 (C grade on SSL labs), plus looks
like it's running an old version of Web Forms, I think you're probably fine.
:/

------
mistercow
Problem with this is that the entropy contribution of what you keep in your
head is minimal. If someone gets your book, you're hosed.

------
mikegerwitz
On a similar note, gnu-pw-mgr uses a memorized transformation on a URL to
generate passwords on-the-fly deterministically, so no passwords are ever
actually stored:

[https://www.gnu.org/software/gnu-pw-mgr/](https://www.gnu.org/software/gnu-pw-mgr/)

------
coredog64
Why not just a laminated password card that stays in the wallet/purse?

[http://www.passwordcard.org/en](http://www.passwordcard.org/en)

~~~
pavel_lishin
It's not a bad idea, but there are a few problems:

1. I would 100% forget which symbol goes with which site.

2. The length I choose for my password may be too long/short for a given
site.

3. Some sites require special symbols; some sites forbid them. Now I have to
pick out my symbol based on the site's requirements, not ease of memorization.

~~~
splintercell
One solution to the site restrictions regarding symbols would be that you
generate a non-symbol password, and a symbol substring. You add the symbol
substring when you know that the site requires symbols (or if the non-symbol
password fails).

------
theophrastus
Generate a 36x36 matrix of random (password suitable) characters indexed along
ordinate and abscissa with a-z0-9. Two things to remember: a two character key
to a password (e.g. 'am' for amazon, 'w3' for a third work related password)
and a scheme for tracing a path through this tabula recta[1] following after
the first character indexed by the key (e.g. spiral to the left until 12
characters are accumulated). Make two copies of the same matrix, put one in
your wallet and the backup in your safe deposit box [2].

[1]
[https://en.wikipedia.org/wiki/Tabula_recta](https://en.wikipedia.org/wiki/Tabula_recta)

[2] [http://lifehacker.com/5715794/how-to-write-down-and-encrypt-...](http://lifehacker.com/5715794/how-to-write-down-and-encrypt-your-passwords-with-an-old-school-tabula-recta)

~~~
wflynny
What happens when one password is leaked somehow? Do you then have to
reinitialize the matrix and reset all your passwords?

You also have the problem of some domains requiring alphanumeric only, etc.,
which then limits what characters you can use in all your passwords.

~~~
theophrastus
Leaked password: choose a new/different two-char index or path scheme.

Alphanumeric only (some would say avoid such sites [shrug]): just continue
along the path, skipping over the non-alphanumerics until you've got the length
you want.
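The card scheme from the comment above (a 36x36 grid indexed by a-z0-9, a two-character key picking the start cell, a leftward spiral read off until 12 characters are collected) together with the "skip the non-alphanumerics" variant from this reply, as an added example. This is not the commenter's code or the Lifehacker recipe; the cell alphabet, the exact spiral (left, down, right, up, widening each lap, wrapping at the edges) and the function names are my assumptions.

```python
import secrets
import string
from random import Random

# Row and column labels: a-z then 0-9, as in the comment.
LABELS = string.ascii_lowercase + string.digits
SIZE = len(LABELS)  # 36

# "Password suitable" cell characters (an assumption; the comment does not fix them).
CELL_CHARS = string.ascii_letters + string.digits + "!@#$%^&*+-=?"


def make_matrix(seed=None):
    """Build a 36x36 grid of random cell characters.

    With no seed the cells come from the OS CSPRNG (use this for a real card).
    A seed exists only for reproducible examples and tests."""
    rng = secrets.SystemRandom() if seed is None else Random(seed)
    return [[rng.choice(CELL_CHARS) for _ in range(SIZE)] for _ in range(SIZE)]


def render_card(matrix):
    """Printable card with a-z0-9 headers: one copy for the wallet, one for the safe."""
    lines = ["  " + " ".join(LABELS)]
    for label, row in zip(LABELS, matrix):
        lines.append(label + " " + " ".join(row))
    return "\n".join(lines)


def spiral_path(row, col):
    """Yield (row, col) cells in a square spiral: first one step left, then down,
    then right, then up, with each pair of legs one cell longer than the last.
    The grid is treated as a torus so the walk never falls off the edge."""
    yield row, col
    moves = [(0, -1), (1, 0), (0, 1), (-1, 0)]  # left, down, right, up
    run, direction = 1, 0
    while True:
        for _ in range(2):  # leg lengths go 1,1,2,2,3,3,...
            dr, dc = moves[direction % 4]
            for _ in range(run):
                row, col = (row + dr) % SIZE, (col + dc) % SIZE
                yield row, col
            direction += 1
        run += 1


def derive(matrix, key, length=12, alnum_only=False):
    """Read a password off the card.

    key:        two characters from a-z0-9 ('am' for Amazon, 'w3' for a third
                work password); they pick the starting row and column.
    alnum_only: skip non-alphanumeric cells along the path, for sites that
                forbid symbols."""
    if len(key) != 2 or any(c not in LABELS for c in key):
        raise ValueError("key must be two characters from a-z0-9")
    start = (LABELS.index(key[0]), LABELS.index(key[1]))
    out = []
    for i, (r, c) in enumerate(spiral_path(*start)):
        if i >= SIZE * SIZE * 4:  # whole card walked several times: give up
            raise ValueError("not enough usable cells on the path")
        ch = matrix[r][c]
        if alnum_only and not ch.isalnum():
            continue
        out.append(ch)
        if len(out) == length:
            return "".join(out)


if __name__ == "__main__":
    card = make_matrix()
    print(render_card(card))
    print("amazon:", derive(card, "am"))
    print("work #3, letters and digits only:", derive(card, "w3", alnum_only=True))
```

The card itself is the secret. Whoever copies it needs only the two-character key and the path rule, and there are just 36 x 36 = 1296 start cells (a little over 10 bits), so an attacker with the card and a guess at the path rule can try every key against one known password in a fraction of a second; rotating the key after a leak, as the reply suggests, only helps if the card was not also copied.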

------
rolfvandekrol
The number of possible alterations (practical alterations that people actually
come up with) of a diceware passphrase is, I think, much lower than the
possible values of a 6-figure number (which is what most two-factor
applications use). If you think hard, you'll come up with maybe 100 possible
alterations. I wouldn't trust this scheme as my password manager. I use
1password, which feels a lot safer to me.

~~~
falcolas
Ironically, you're frequently safer with a written-down password than you are
with a password that is stored on your computer.

For example, to get your password book, the attacker must have physical access
to you. This immediately lowers the attack surface. Your passwords can't be
sniffed out of your clipboard. Your passwords can't be brute-forced by someone
who compromises one of your accounts (even the account which stores the
encrypted password vault). You can burn your password book to ensure secure
deletion.

Yeah, a password manager is still probably better; even the OP acknowledges
that. OTOH, how secure is your password to access that manager? How frequently
do you rotate it? What happens when that password is compromised?

------
zokier
Instead of silly obfuscation techniques, a far simpler and more secure solution
would be to append a memorized master password to the written password.

~~~
ComputerGuru
Until one db is hacked and everyone in the world knows your master password.

~~~
fweespee_ch
Well, they'd also need the codebook where you store the passphrase to get the
other half of the password.

So if you change the master password regularly, they'd need to hack a database
in that time window and steal your codebook. I highly doubt anyone would put
that level of effort in.

~~~
csours
I kind of expect that if a determined hacker targets you (or me) specifically,
we will get pwnt. The tradeoff is in how determined the hacker is and what the
payoff is.

------
joesmo
Slightly off topic, but I wanted to use a password manager and installed
Lastpass Premium. Great, except for the fact that it won't update passwords
and often times fills in the wrong password despite my verifying that it
actually stores the right one. It's completely unreliable. Thankfully, I
haven't started resetting all my passwords, but that also makes the password
manager useless. After paying for that, I wonder if there is a password
manager that actually works and is reliable. I've read great things about many
packages, but in almost every case, I've also read great things about Lastpass
which is atrocious and was definitely not worth even $12 / year. Needless to
say, I don't trust any of those reviews.

~~~
sandyarmstrong
I don't have the problems with LastPass that you have, but if I did, I would
still find it handy for secure password generation, sync, and backup.

You could just open the LastPass Vault in a separate window and copy passwords
out of there and it would still be worth $12/year for me.

That being said, try right-clicking in credential fields to find more fine-
grained account selection.

And maybe stop by their support to find out if something is wrong with your
setup.

------
Lxr
Here is a fairly simple alternative to this or using a password manager:

1. Remember a high-entropy “base” password that is likely to pass complexity
and length requirements

2. Invent a weird way to incorporate the name or domain name of the product
you’re using into this password to make it unique (e.g. “put the second letter
of the domain name as the third-last character of your password”)

Advantages: Memorable but unique password for all or most services, no need
for physical books that can be stolen, works on any machine. If one of your
passwords is discovered, it's basically useless beyond that service unless the
attacker knows your step 2.

~~~
nommm-nommm
Disadvantages: do I have an account on this site? What email address did I use
to sign up? What is my username (many have username requirements)? My
password is too long. My password is too short. My password has the wrong
characters. My password doesn't have enough numbers. My password doesn't have
enough special characters. My password has too many numbers. My password has
too many special characters. Now you are remembering tons of special cases. If
you are specifically targeted they can compare your password in two hacked
databases and find out your scheme.

~~~
Lxr
_do I have an account on this site? What email address did I use to sign up?_

Fair point but often there are not too many possibilities.

_What is my username_

Your email address, in most cases.

_My password is too long. My password is too short. My password has the wrong
characters. My password doesn't have enough numbers. My password doesn't have
enough special characters. My password has too many numbers. My password has
too many special characters._

Occasionally a problem, but I have been using this method for years and have
maybe two or three passwords that I have to manually remember for reasons like
this.

_If you are specifically targeted they can compare your password in two
hacked databases and find out your scheme._

True, but then one can similarly come up with scenarios for most other
schemes.

I agree it's not perfect and won't cover every case, but it has worked well
for me.

~~~
nommm-nommm
> What is my username?

> Your email address, in most cases.

I have accounts with, like, a bazillion different financial institutions. They
all require usernames that have length requirements and special
character/number requirements. I would forget all my usernames if it weren't
for password managers.

If you have one bank, no 401k, no IRA, no credit cards, two social media
accounts, one email address, and do all your online shopping on Amazon, and
not much else this sort of disadvantage won't pop up but once you get into
multiple accounts on multiple sites it does not scale.

If you have many password schemes you'd also have to remember the password
rules for every single site.

~~~
dave2000
What would be nice would be if all sites supported this system:

1) go to site
2) enter email address (cached by the browser)
3) go to email account
4) click on long, unguessable link which is only valid for 2 minutes

er..that's it.

You could even skip the `enter email address` step and just get users to keep
a link provided in the initial signup process. This link could either be the
one you always use to log in, or for better security could prompt the remote
site into sending you another single-use login link (as above).
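The server side of the login flow proposed above, as an added example (not the commenter's code): a single-use link that expires after two minutes, with only a hash of the token stored so a dump of the pending table does not yield working links. The endpoint URL, the class and function names, and the in-memory table are my assumptions; the email sending step is stood in for by returning the link.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlparse

LINK_TTL_SECONDS = 120                      # "only valid for 2 minutes"
BASE_URL = "https://example.com/login"      # hypothetical endpoint


class MagicLinkLogin:
    """Passwordless login via an emailed single-use link.

    `now` is injectable so expiry can be tested without sleeping."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        # Store a hash, never the token: the token is the whole credential.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        """Create a link for `email`. A real system emails it; here it is
        returned so the example runs offline. Issuing a new link supersedes
        any earlier unused link for the same address."""
        self._pending = {h: v for h, v in self._pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)   # 256 random bits: unguessable
        self._pending[self._digest(token)] = (email, self._now() + LINK_TTL_SECONDS)
        return f"{BASE_URL}?token={token}"

    def redeem(self, token):
        """Return the email for a valid token, else None. The entry is removed
        on first presentation whether or not it was still valid (single use)."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            return None
        return email

    def purge_expired(self):
        """Housekeeping so unredeemed links do not accumulate. Returns the count removed."""
        now = self._now()
        stale = [h for h, (_, exp) in self._pending.items() if exp < now]
        for h in stale:
            del self._pending[h]
        return len(stale)


def token_from_link(link):
    """What the browser sends back when the link is clicked: the token parameter."""
    return parse_qs(urlparse(link).query).get("token", [None])[0]


if __name__ == "__main__":
    svc = MagicLinkLogin()
    link = svc.issue("alice@example.com")   # constructed sample address
    print("emailed:", link)
    tok = token_from_link(link)
    print("first click ->", svc.redeem(tok))
    print("second click ->", svc.redeem(tok))
```

The whole scheme rests on the mailbox, which is the point the rest of the thread keeps returning to: anyone who can read the email can log in, and the same link lands in mail server logs and browser history unless the site redeems it immediately and redirects to a clean URL.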

~~~
jakub_g
Well most sites do support the feature. It's called password reset and I use
it heavily in fact.

I use keepass, but sometimes for services that I use once per year, I just go
via password reset and change password to a long random gibberish and do not
even bother to write it down to keepass.

~~~
dave2000
No, it's nothing like password reset. My proposed system doesn't even need a
password.

------
elchief
Email is your #1 security concern as that's where password resets go.

Do yourself a favour and use Chrome, buy two U2F keys, register them both, and
put one in a safe-deposit box.

It's also phishing-proof, unlike SMS or TOTP.

~~~
theandrewbailey
Yeah, let's all use this one browser!

Soon: Chrome is the new IE.

~~~
stephenr
That happened a long time ago when Google started pestering users of its web
properties to use Chrome.

------
jsingleton
Anyone else get the CloudFlare CAPTCHA for the diceware link?

Ironic if John's blog caused more checks for that site.

[https://www.rempe.us/diceware](https://www.rempe.us/diceware)

~~~
jgrahamc
I did

------
atemerev
My problem with password managers is that: a) I have more than one computer,
b) I lose physical objects routinely, and my computers tend to break down and
be replaced.

But I have a good memory and I trust it much more than my ability to keep
things organized and make routine backups. It's easy for me to generate more
or less secure passwords that I can memorize, like:

shrebangodiKe24+ binarKedonado!3297 Miregofinar--0009

etc.

Those will last for a few more years, until password crackers become so
fast that it will be impossible to remember any kind of secure password
anymore.

Then, I'll be screwed.

~~~
fredley
I think this approach is better for your mom than for your average developer.
I use LastPass and it continues to be difficult even for me to use, less savvy
people wouldn't have a hope.

~~~
fbnlsr
I'm also a Lastpass user, and while the service is near to flawless, I keep
thinking that the UI is really bad. I wish they could work on that.

~~~
fredley
Yeah. It's slow, and just plain badly designed in places - crucial
interactions hidden behind icon-only menus etc. I really hope they sort it out
one day.

------
n72
Why not just use this? [http://fabrianoboutique.eu/agenda-logins-and-
passwords-564.h...](http://fabrianoboutique.eu/agenda-logins-and-
passwords-564.html)

------
PeterWhittaker
If someone steals the book, you're done. Sorry. Unless the words are merely
suggestive of the actual passphrase, an attacker with the book will break your
accounts very, very quickly.

Reference?
[https://www.schneier.com/blog/archives/2014/03/choosing_secu...](https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html)

Ten years ago, this scheme might have worked, but now attackers know about
such schemes and have integrated them into their tools.

Yes, LastPass and its ilk have their challenges, but they are far superior to
this security snake oil.

~~~
bradjohnson
How is that any worse or more likely than if you use the same password for all
sites and one is compromised? The author clearly states that this is only an
alternative option if you are not willing to use a password manager.

~~~
PeterWhittaker
_The author clearly states that this is only an alternative option if you are
not willing to use a password manager._

Which means it is no alternative at all. I'm a professional security
consultant. If a client were to ask me to list the alternatives to using a
password manager, I would say "Being hacked".

They would ask what else? I would say "That's it, that's the list".

Bad security advice is as bad as no security advice.

Having amateurs provide well-intentioned, well-stated, well-described,
terrible, terrible ideas, ideas articulated well enough that they seem
plausibly good, and having them being supported by people who ought to know
better does the entire industry a disservice.

What would I tell my Mom? "I'm sorry, I really am, I know it's hard to use,
but it really is the best alternative, the only really secure alternative,
unless you want to keep a book of really strong passwords locked in your desk
and only ever use your computer there."

Which, for average users and average use cases, is no alternative at all.

~~~
bradjohnson
You're being purposefully obtuse if you think that every single person who
doesn't use a password manager will get hacked... This advice is meant for
people who will NOT use a password manager, which, believe it or not, is a
large majority of the population. Look at the statistics for password use: it
is undeniably safer to use this method than to use "123456" or "password",
which is the most likely alternative.

