Free yourself from remembering dozens of different credentials. Easily generate more complex, secure and unique passwords for each of your online accounts.

What is this?

?! Isn't this just a laminated card with some gobbledygook on it?

No! It's so much more: read on...

The c@rd™ is keyed to user by serial number, email address or ID -- every single one is absolutely unique. Use it to generate complex, per-site and per-account passwords for all of your online activity.

Personal Use

• Use a single c@rd™ to manage all of your online passwords with ease

Corporate Use: Run an IT Department?

• Order a run of unique c@rds, each keyed by serial #, employee ID or email address
• Help your staff 'help themselves' to make good, complex passwords with a way to recall them reliably
• Rotating passwords are a breeze, generating passwords that satisfy strict corporate policies
• Since the c@rd™ is a strictly off-line memory aid, it will work across multiple systems (employees can use their c@rd™ for home and work accounts if they wish)
• Custom corporate logo/artwork on request (pls arrange prior to ordering)

Order the c@rd™, and you can truly Forget Your Passwords.

(Please read the ORDERING NOTES section at the bottom before checkout)

Why did you make it?

The c@rd™ was inspired by a few of my loved ones and friends, whose email accounts were hacked not once, but twice, in the space of a few months. Everyone I knew used both simple and predictable passwords, and used the same ones (or minor variations thereof) for every web account.

I thought to my self: there has to be a better way to make more complex and secure passwords that anyone can use.

As a computer professional, I know how hard it is to manage all the passwords in one's daily life. So I thunk and I thunk until my thinker was sore: how can people make better, more secure passwords, and how can they possibly remember all those secure passwords for all their different devices and website accounts? Then I realized the solution: not to remember passwords at all.

What makes it special?

The c@rd™ is the simple, no-batteries-required, always in-pocket solution to making hard to guess -- but easy to recall -- passwords, for all your accounts. Unlike smartphone, PC-based or (heaven forbid) cloud-hosted password wallets, carrying a c@rd™ means you always have access to your passwords just by remembering one simple rule. Look up your password using your own private rule, and you'll never have to remember a complicated password again.

How Does It Work?

Each c@rd™ is absolutely unique and printed on demand, seeded using three quantities: a unique user ID (incrementing serial number, your email address, or other ID unique to you), an 'issue code' (which can be incremented to offer a replacement whilst preserving the same user ID), and a private issuing authority ID. Only the user ID and issue code are printed on the card. All three quantities are used as input to the SHA256 hashing algorithm to create the unique digest which then feeds into a strong pseudo-random number generator (Mersenne Twister). Due to the nature of the SHA256 hash algorithm, there's no danger someone could generate a copy of your c@rd™ knowing just your user ID and issue code, or even by examining the symbols of many other cards -- all three seed quantities must be known in order to generate one.

Artwork for each card is also keyed to the unique seed so each has a distinct look! (Custom artwork may be specified, contact for special arrangements when ordering.)

Even if someone steals your card, they won't know your secret rule. Your passwords gain complexity from being composed of two sources: something you have (the c@rd™ itself), and something you know (your own, personal lookup rule). Easily order a new one with a new issue code to get a whole new set of passwords if your c@rd™ is ever lost, stolen, or considered compromised.

The c@rd™ can be used in other ways, for you to discover, perhaps not so simple... ;) Order two with the same keying and exchange secret messages with your co-conspirators... fun for kids and grown-ups alike ;). (NO, I am not seriously proposing this as secure encryption. Note the word 'fun'. Please don't use it that way for important things. :p)

Features

• Cards are keyed by unique user ID (a pre-generated, unique serial #, email address or other ID); an issue code, and a (non-visible) issuing authority ID.
• Each column guaranteed to have at least one upper- and lower-case letter, digit and punctuation to meet strictest IT password policies
• Simple example instructions included for generating static or rotating passwords for corporate networks (but you should definitely think up your own rule!)
• Durable laminated card resists rough handling
• Water-resistant
• Scratch-resistant
• Flexible
• Credit-card sized - fits in your wallet or pocket
• Colourful, unique artwork, algorithmically-generated depending on card key -- each one is distinctive!

WHAT THIS PRODUCT PROVIDES (and what it DOES NOT)

• This product DOES NOT provide 'two-factor authentication' in the formal sense that there is no challenge/response, independent of generated passwords, to prove to systems that you actually possess your c@rd™. That would require a trusted authority to know something about each c@rd™ and actively challenge the user outside of the password itself, to provide some response proving possession of the item.

• It however DOES provide a handy mnemonic aid to generate a wide range of complex passwords from two fragments: one being your own unique rule, the other being your unique c@rd™, which when combined yield passwords which are: non-memorable, complex, an adequate minimum length, and different for (nearly) every account you use.

If your organization requires the higher security of true two-factor authentication, this product is not for you. If, however, you're just looking for a way to get users to stop being lazy about using short, predictable passwords, re-using the same password everywhere within the company (or, your company passwords outside the company), or forgetting those passwords all the time due to (legitimate) modern password complexity requirements, this is at least a step above just setting policy and praying people don't work around it in all of the common ways. Finally, it gives employees a way to 'help themselves' to recall passwords and stop needing IT to reset them so often.

It's a way to provide 'better' password security than what people typically come up with on their own: it isn't 'perfect' password security, and is highly dependent on how well one chooses their rule.

Think of password hackers as a bear, and your passwords as hikers. You don't have to outrun the bear, you just need to not be the slowest hiker... if your passwords are more complex and diverse than the average, you won't be the most vulnerable if an entire password database is compromised and hackers are attempting to brute-force crack the whole lot. They'll likely stop once they have cracked the easiest ones.

[Technically, nothing can save your password if the database stored it improperly.. but at least you haven't re-used that password on your other accounts.]

For a slightly more technical discussion, please see this document.

IMPORTANT ORDERING NOTES

If you choose the "Email address" or "other ID" option, and you're ordering multiple c@rds, please list the emails or IDs exactly as you want them to appear on each c@rd™ in the Additional Instructions box prior to checkout. (Obviously these can't be pre-generated as with serial numbers, so shipping may be take a day or so more). Thanks!

ORDERING REPLACEMENTS

If you are ordering a replacement due to loss or theft of your c@rd™, please specify in the Additional Instructions your original email, serial # or ID, and mention that you need a new issue number -- that way you'll get a new c@rd™ with a new configuration, so you can re-secure all of your passwords. (See the instruction sheet on the Documentation link to the right for more information.)

§ The c@rd™ is patent pending (CIPO appl #2,895,597).