GridPass - printable password lookup table generator

This shell script uses LaTeX to generate a PDF containing a table of randomly generated passwords in a nice tabular format. The table makes it easy to choose a different, random and secure password for each of your online accounts. This practice is effective at reducing the security risks posed by using insecure (what is secure?) web services (just take a look at the recent password leaks from LinkedIn and Last.fm, for example). REMEMBER to always BACKUP multiple copies of the generated PDF so that you don't lock yourself out of all of your accounts by losing a single sheet of paper! ;)

A nice screenshot with default options follows (./gridpass.sh OR ./gridpass.sh -c 10 -r 40 -l 8 ):
Fun fact --- this picture was generated with: 
$ gs -sDEVICE=pngalpha -sOutputFile=gridtest.png -r144 gridtest.pdf

General use-case is as follows:
  1. you're filling a registration form, which requires you to choose a password
  2. randomly choose one password from the table and memorize the column and row coordinates or write them down on a piece of paper and store securely
  3. complete registration by entering the password you've chosen

By having a sufficiently large number of passwords in the table (400 by default in this script), you can also look at the table in public places where someone could be peeking over your shoulder - you just locate the right column and row with your eyes and type the password in (however, beware of keyloggers on public PCs).

Such a table could also be used as a two-factor authentication token, similar to the grid cards commonly used for internet banking. You just have to find a way to store the generated table on the auth server and you're good to go. You can also provide your own password generator if you'd like --- by default, pwgen(1) is used.

The script has some sane defaults built in (pwgen(1) as generator, 400 passwords, 8-character length, secure and without ambiguous characters). You can optionally override them via command-line options (list them with ./gridpass -h or whatever) or in ~/.gridpass (automatically generated if it doesn't exist). The script outputs LaTeX source code to STDOUT if no filename argument is given, or generates a PDF file with pdflatex if you provide a filename. You can also redirect STDOUT to a file and compile it with your own set of commands (or do whatever else you'd like with it). Also, if the columns in your configuration exceed the paper size when compiling into a PDF, the script will print a warning so you can reduce the column count until it fits.
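The table generation described above, reduced to its core as an added example (not GridPass's own code): it draws passwords straight from /dev/urandom instead of calling pwgen(1). The alphabet, the function names gen_pw and grid_latex, and the table layout are assumptions.

```shell
#!/bin/sh
# Added example: minimal password-grid generator (not GridPass's own code).
# Assumed alphabet: letters and digits minus look-alikes (0 O 1 l I).
CHARSET='abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'

# gen_pw LEN: print one LEN-character password drawn from CHARSET.
# tr -dc drops every byte outside the alphabet (rejection sampling), so the
# kept characters stay uniformly distributed; no modulo bias is introduced.
gen_pw() {
    pw=''
    while [ "${#pw}" -lt "$1" ]; do      # retry if a chunk came up short
        chunk=$(head -c 256 /dev/urandom | LC_ALL=C tr -dc "$CHARSET")
        pw=$(printf '%s\n' "$pw$chunk" | cut -c "1-$1")
    done
    printf '%s\n' "$pw"
}

# grid_latex COLS ROWS LEN: print a LaTeX tabular with numbered rows and
# columns. CHARSET is alphanumeric only, so no LaTeX escaping is needed.
grid_latex() {
    cols=$1 rows=$2 len=$3
    printf '\\begin{tabular}{r|*{%s}{l}}\n' "$cols"
    c=1
    while [ "$c" -le "$cols" ]; do       # header row: column coordinates
        printf ' & %s' "$c"
        c=$((c + 1))
    done
    printf ' \\\\ \\hline\n'
    r=1
    while [ "$r" -le "$rows" ]; do       # one table line per row coordinate
        printf '%s' "$r"
        c=1
        while [ "$c" -le "$cols" ]; do
            printf ' & \\texttt{%s}' "$(gen_pw "$len")"
            c=$((c + 1))
        done
        printf ' \\\\\n'
        r=$((r + 1))
    done
    printf '\\end{tabular}\n'
}

# Stand-alone use, e.g. the page's defaults: sh grid.sh 10 40 8 > table.tex
if [ "$#" -eq 3 ]; then
    grid_latex "$@"
fi
```

The output is only the tabular environment; it has to be placed inside a LaTeX document body before pdflatex can compile it.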

GridPass can also generate a title with its "-t" command-line switch (by using LaTeX's \maketitle command). It simply gets your full name from /etc/passwd, or your username if the full name is empty, and prints it along with the password info (how many passwords there are in total and their length) and the current date. This may be useful when printing tables for several people, so they don't get their tables mixed up --- then you can also use the "-u [username]" parameter to specify whose table this is. However, this title "feature" takes up quite a lot of space.

Source code is available at my GitHub repository and is distributed under the GPLv3 license. Feel free to post some feedback or improvement ideas.

1 comment:

  1. When we do security audits for companies, we get asked a lot how to operate passwords. I tell them to use a password manager because they have tools built in them already to help keep all employees from existence vulnerability spots in the system.
