
This sort of objection is raised whenever basically any mechanism for remembering strong passwords is presented. Much like many results in computational complexity, worst-case results are not necessarily indicative of real-world utility. To wit, in the scenario you outlined the attacker must a) know beforehand that the target was using this device; b) know beforehand that the inserted middle portion was vulnerable to a dictionary attack; c) have compromised at least one and more likely several websites; and d) obtained the cleartext password from each of said websites. This seems an almost comically unrealistic chain of events for the average case. Yes, a determined and sophisticated attacker could probably pull this off, but if you have enemies who are willing to go to such lengths you probably are aware of it and would not be using a silly little crutch in the first place. For the rest of us, this seems like a potentially useful alternative to using 'c@td0g11!' for everything.


> This sort of objection is raised whenever basically any mechanism for remembering strong passwords is presented.

Yes, because we've basically realized that memorizing passwords isn't a workable solution. We should be recommending password managers that generate/store strong passwords and MFA for any account that needs to be secure. That these password generators themselves can now be unlocked using both memorized information and biometrics (TouchID and such) makes them all the more secure.

Moreover, this is the only solution that's capable of dealing with all the asinine password requirements that get imposed on users... solutions like this card fail hard when the password requirements prohibit certain characters and/or other characteristics of these passwords (repeated characters, length, etc.). Until the world gets together and standardizes what constitutes a secure password, memorized passwords will always be a flawed solution.


I'll go even a step further and say:

passwords are a flawed solution

They have been through history and way before the industrialized world, not only that but what was considered secure yesterday may be compromised today or tomorrow. This is not going away any time soon and you have to design security taking this into account.

Another problem with passwords is that the web services we use passwords for collect way too much sensitive information that they should not be given in the first place.


People keep saying that passwords are flawed, but what else is there? Authentication depends on secret information, does it not?


yea a coworker uses YubiKey... it generates extremely strong one-time-use passwords (essentially just meaning it auto-generates a different one for every site?) & auto-enters them through a browser add-on when the device is in USB (I believe?)

seems like solutions like that are a bit easier than typing in a bunch of keys you are looking up on a card and really solve the issue of web-based attacks.... it really only leaves you vulnerable to people who have physical access to the USB device, and even then i can imagine simple ways to make even that a hassle (have another password layer as master sign-in? would be enough to deter most of your acquaintances from being able to use your device)


A normal Yubikey is still vulnerable to MITM and phishing attacks.

The combination of a password (using a password manager) and a U2F key is more secure (Yubico also has U2F keys). U2F keys avoid phishing and most MITM attacks by generating a unique keypair per origin. Since a phishing site or MITM does not have the same origin, they cannot successfully complete a challenge-response with the key.

Also, AFAIR, Yubikey OTP requires the use of a Yubikey server which knows the shared secret, which may be problematic.
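
The per-origin binding described in the comment above, as an added example that is not part of the thread. It is a simplified model, not the real U2F message format; the class names, user name and both origins are constructed for illustration.

```javascript
// Simplified model of U2F origin binding (added example; not the real wire format).
const crypto = require('crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

class Authenticator {
  constructor() { this.keys = new Map(); } // keyHandle -> { appParam, privateKey }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const keyHandle = crypto.randomBytes(16).toString('hex');
    this.keys.set(keyHandle, { appParam: sha256(origin), privateKey });
    return { keyHandle, publicKey };
  }

  // `origin` is reported by the browser, not chosen by the page that asks for a signature.
  sign(origin, keyHandle, challenge) {
    const entry = this.keys.get(keyHandle);
    if (!entry || entry.appParam !== sha256(origin)) return null; // handle belongs to another origin
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign('sha256', Buffer.from(clientData), entry.privateKey);
    return { clientData, signature };
  }
}

class RelyingParty {
  constructor(origin) { this.origin = origin; this.users = new Map(); }
  enroll(user, reg) { this.users.set(user, reg); }
  newChallenge() { return crypto.randomBytes(16).toString('hex'); }
  verify(user, challenge, response) {
    if (!response) return false;
    const { origin, challenge: echoed } = JSON.parse(response.clientData);
    if (origin !== this.origin || echoed !== challenge) return false; // signed for another site
    return crypto.verify('sha256', Buffer.from(response.clientData), this.users.get(user).publicKey, response.signature);
  }
}

function demo() {
  const REAL = 'https://bank.example', PHISH = 'https://bank-login.example'; // constructed origins
  const key = new Authenticator(), bank = new RelyingParty(REAL);
  const reg = key.register(REAL);
  bank.enroll('alice', reg);
  const attempt = (seenOrigin, handle) => {
    const c = bank.newChallenge();
    return bank.verify('alice', c, key.sign(seenOrigin, handle, c));
  };
  return {
    legit: attempt(REAL, reg.keyHandle),
    relayed: attempt(PHISH, reg.keyHandle), // bank's key handle forwarded by a look-alike page
    wrongKey: attempt(PHISH, key.register(PHISH).keyHandle), // key the bank never enrolled
  };
}
```

`demo()` returns `legit: true` and `false` for both other cases: the device refuses a key handle presented under a different origin, and a key registered for the look-alike origin produces a response the bank rejects.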


You can replace the Yubikey's OTP seed with your own to bypass their server. https://www.yubico.com/applications/internet-services/gmail/


Yes, but then it won't be supported by many sites that support Yubikey OTP and rely on Yubico's servers for authentication.


> Memorizing passwords isn't a workable solution

Correct analysis,

> recommend password managers

No! Passwords should never be considered as secure material, period. Centralizing in a password manager centralizes the burden. There are half a dozen other workable solutions, among which authentication by email (What else is the reset-by-email link?), Mozilla Persona and all kinds of asymmetric keys.


> Centralizing in a password manager centralizes the burden.

So does using a single email account for everything.


It is better than using the same password everywhere, but not by much.

When password databases are leaked, there have been instances of people / groups who take passwords from those leaked databases and try to log in on other sites (for example, to steal money or data, defraud customers, or to plant back-doors to allow future criminal activity).

Suppose that after this becomes popular, there are leaks of at least two plain text databases from popular websites (not that unlikely, unfortunately). These websites might be relatively low value - someone might get permission to comment as someone else, or change their preferences on the site, or something like that, if they had their password. Suppose some people believed this card was safe, and so put a password generated by this card into two of these low-value sites that don't put too much effort into security (since they don't even bother hashing their passwords with bcrypt / scrypt or the like), and also into a high-value site (bank, domain name registrar, GitHub account that hosts puppet scripts, important e-mail account).

Using the two low-value site password databases, I could easily automatically identify likely candidates for these types of passwords that are common between the two databases - they both start with the same 8 'spacebar' characters. I could have a set of likely endings prior to the substitution cipher for the passwords in each database, and this would allow me to use something like the E/M algorithm to work out a distribution of most likely partial substitution cipher table, common word, and space bar values, which I could then combine with likely 'identifier' plaintexts to prioritise the order in which I send passwords to use against the secure site.

All of this would likely be completely automated - and if a significant number of people are using these cards, for certain types of criminal enterprise there is a good chance that it would be cost effective.

All in all, people using this card are taking a very real security risk that is completely unnecessary when there are other better alternatives (like using a password manager, and generating a completely different secure random password for each site). Encrypting the database with a strong password and an expensive key derivation function also complicates other types of attacks (for example, someone secretly going into your wallet and photographing the card) - obviously, they could try to install a keylogger on your phone or computer with the password database, as well as copy your password database, but that probably takes longer and carries more risk of getting caught than photographing a card.


Please do apply this sort of objection to a password card[1].

Then again there are different kinds of attack on passwords, among those is the dedicated targeted attack and those will be happy to exploit the false sense of security you get from a qwerty card.

Now if you want a practical alternative for choosing passwords you can remember: https://www.schneier.com/blog/archives/2014/03/choosing_secu...

Lastly, using the same password for everything is wrong, but reusing a password for services that do not require a high level of security is acceptable, such as posting comments on weblogs. bugmenot being a popular choice reminding of a time when their website was actually useful.

[1] https://www.passwordcard.org/


The rest of us could also make up our own password generating techniques as well, and have c@td0g11!el8oo8, c@td0g11!no5@m@ etc. el8oo8 is google backwards - but coming up with a word scrambling technique isn't hard, as many conspiracy theorists ought to know better.

This wouldn't provide cipher encoding, but someone already mentioned https://www.passwordcard.org/, and as you said, this is for the rest of us.



