The idea of PassCard was born from the frustration with password management solutions. Technology should make our lives easier and better, and pervasive online services help us greatly, but we do not feel free anymore. Each time we read an email on parents’ notebooks or pay in the store with another card, we need to check our phones or write down passwords on a piece of paper.
Internet services and local network administrators require long passwords with letters, numbers, and special symbols. Moreover, you must regularly change the password due to password hash leaks and automatic security policies. You cannot use your pet’s name and spouse’s birthday because such passwords are easily guessed or vulnerable to brute-force attacks by hackers.
No wonder the password management market size was valued at $1.5 billion in 2021 and will grow to $7 billion by 2020. However, password management applications like KeePass, LastPass, and 1Password make us dependent on their services, and we cannot access them in exceptional situations.
It is possible to write down all passwords in the pocketbook. However, suppose you lose your password book. In that case, every layperson can read it and, after several attempts, access your critical service like email and continue the attack by requesting password resets for other services.
A PassCard is a simple and secure alternative to password management applications and keeping passwords in a notebook. You can generate a credit-card-sized card for important passwords and PIN codes. Each card is unique and allows you to choose multiple passwords from a grid of random letters, digits, and symbols:
Unlike the PasswordCard.org service, PassCard does not require a server-side service or a mobile application. PassCard is a single-page application and works in your browser:
- Download Zip archive from GitHub
- Unpack it
- Open
passcard.htmlfile in your favorite browser - Click the Generate button to generate a new password and pin-code cards:
Passwords like “six red frogs” or “eight blue cows” are easy to remember and bring an element of a game into password management. Moreover, there are many ways to define the password path on the card, like “six red frogs fell” or “eight blue cows go backward”.
Enter the existing passwords and PIN codes to add to the cards and click the Generate button to place them on the card. Unfortunately, only a handful of independent secure passwords can fit into the card, and the path is limited.
Do not forget to remember the password and PIN code mnemonics before clicking the Export or Export All buttons. In the Preview mode, passwords and PIN codes are white, and the remaining card symbols are gray. After the export, all symbols are white.
Cautiously use PassCard, PasswordCard, and other services that generate printed secure cards. Physical access to the random symbols card does not help inexperienced attackers. Still, the card seriously limits the password search space for the brute-force algorithms and makes your passwords more vulnerable. Use PassCard in combination with additional security methods. For example, using the password card and two-factor authentication to access your Google Password Manager is relatively safe.
Feel free to clone and adapt the PassCard code to your own needs:
https://gist.github.com/sslipchenko/bb8f1ffe4437ac84dbaad44cb2c2ca48