Home Forums Networks & Cross-Platform Networking Offline storage for passwords

I am looking for a freestanding device with a keyboard that just stores passwords instead of keeping a list, which I do. One with an easy to use keyboard, like really easy with big keyboard would be a plus. (Luddite.)

I saw an advertisement for a device such as you described yesterday, but for the life of me I cannot find it today. I understand the appeal of such a device, but I have to question its utility, especially with today's more secure passwords such as yo0grom9nAyt which can be difficult to type in accurately. I much prefer something that will insert passwords automatically or where I can copy and paste.

Keychain in Mavericks and Yosemite can and will automatically store userids and passwords and insert them when prompted in Safari. It will also suggest secure passwords. Even sites that ask the browser to not fill in the password, Safari will override that request if you have a user password set and in System Preferences > Security & Privacy you have checked the block to require a password after sleep or screen saver. Copy and paste is doable but you have to enter your logon password each time and that is a pain. You can store just and retrieve just about any secure item in Keychain using KeyChain Access

There are a number of password, serial number, credit card number, etc apps available from the App Store that have a friendlier user interface than Keychain. I know because I have tried a slew of them over the years. The one I am using now is 1Password and it works well for me. It works on both my OS X and iOS devices and synchs the passwords across all my devices. It has specific facilities for storing all sorts of data I wish to keep secure. In many ways it duplicates Keychain's functionality but with a friendlier and faster user interface.

Of course with all of these you must remember the master password or you risk losing all the data.

I suggest Secret Calculator Icon from the app store. it's a functional calculator that hides your password list(s) behind a clandestine password.

In other words, it's a protected password list, that additionally hides its very existence on your device. I use the free app, but there's also an upgraded paid version.

I really don't want my passwords on my computer, phone, etc. Just don't. Want them on something, for now it's a piece of paper, can take with me if need be. I have one computer. If it dies and I have to use a friend's, I'll have them without some big deal of going through TM backups.

I also don't store them online anywhere. Been hit with credit card fraud twice, places I have never been to and companies I never did business with, and then was told by one of my credit card companies someone called pretending to be me. just really sick of it and don't want to find out someone has hacked into whatever app I'm using to store the passwords or it was malware.

several here are suggesting an iPhone app... does that not meet those goals?

I don't have an iPhone.

now you have an excuse

How about a piece of paper that you can take with you, that will hold the password for every site you visit, but in a form that only you can read? That is, no one who finds your piece paper can recover any of your passwords, but you can recover all of them?

The secret is a technique developed by Steve Gibson (host of the Security Now podcast). He calls it Off the Grid. In his words:


He explains how it works at the above link, but the essence is that you visit his website to generate a 26x26 letter grid that you print out and carry with you. (This gives you a personal and private grid. Steve Gibson does not want nor collect any information about you.) You choose and remember a starting point on the grid, then use (the first six letters of) the domain name to walk from the starting point through the grid twice using very simple rules. The second walkthrough generates the (twelve-character) password. Even someone who has your grid in hand and knows the rules cannot generate your passwords without knowing your chosen starting point. For added security, you can modify the rules to your heart's content.

I just worked through Off The Grid, and it's pretty durn clever, but I suspect that most people would find it easier to remember numerous passwords than to remember numerous starting points and paths, work through them, and enter the n characters they generate. (It's certainly not a time saver!)

And wait 'til your piece of paper starts to tear along the creases and you realize that you forgot to back up your grid!

But... It's a marvelous device if you want a paper record of a master password that you absolutely can't afford to forget.

You only have to remember one starting point. (Actually, you remember one starting row OR one starting column.) In his description, he assumes the starting point is the top row, but if everyone does that, than anyone who finds your paper can re-recreate all your passwords.

Alternatively, you can keep the starting point on the top row, but insert a password of your choosing between the two paths. For example, to log into Amazon, instead of following the path A-M-A-Z-O-N-A-M-A-Z-O-N (noting the characters of the password during the second half), you follow the path A-M-A-Z-O-N-P-A-S-S-W-O-R-D-A-M-A-Z-O-N. The inserted password need not be especially long or clever. Or to save time, follow the path A-M-A-Z-O-N-S-E-C-R-E-T, extracting the password from the SECRET part of the path.

You don't memorize the path. The domain name for the site you want to log in to produces the path.

When you generate the grid, you can can initialize his random number generator with a pass phrase of your choosing, or let him generate a completely random pass phrase. Either way, the pass phrase is printed at the top of the grid. You can re-enter the same pass phrase to re-generate the same grid whenever you need to print a new copy. Or print out a whole stack of them. In the podcast he mentions the possibility of laminating the paper grid to make it last longer.

You should probably detach the pass phrase if it would be easy for someone looking over your shoulder to memorize it. The pass phrase is (part of) your "master password", in that it can be used to re-generate a copy of your grid. The starting point, and any password you insert into the middle of the path, are the other two parts of the "master password". There are only 52 starting points, so inserting a password into the path is probably a good idea. And/or make any other rule change of your choice. It's not like there's any standard you need to adhere to.

I can envision any number of grids starting out as great ideas and ending up looking like word-search puzzles.

They'd make great X-mas gifts: You could give people copies of both you master password file and your grid and let them tear their hair out trying to get inside your head.