idee | start

Cypher your passwords ...

... and get two-factor paper passwords

Is this really serious???

No .. and yes ... and it depends.

Of course ... please consider a password manager first. No question!

In any case: Make sure not to use the same account name and password combination for each website.

However, people tend to write down their passwords (or even worse: all in one "place") ...
...what if that "place" gets stolen?

For those the following might be interesting ...

What is two-factor authentication (in general)?

It is an authentication method based on the combination of two factors:

A good everyday-life example is your (PIN protected) debit card:

What are two-factor paper passwords?

The idea goes back to this blog post by John Graham-Cumming:

Two-factor paper passwords are save to write down. They might be considered as a means for an off-line, non-digital password manager. They reverse the scheme described above:

CypherMe helps (de)cyphering without storing. Short example:

This is only a short and probably not very good example (especially as it is lacking special characters) ... So do better ... please. But now you could safely write down the initial password and remember (keep secret) the transformation.

In order to avoid repeating the same password for several sites you might consider replacing "MySecretPw" with something corelated to e.g. each site. Or consider using the Viginére cypher with one (always the same) password and (changing, but easyly remembered) keys related to the site/service the password is for.

What two-factor paper passwords DON'T do:

They do NOT protect against disclosure of the final (encrypted, typed in) password.
That is where real two-factor systems such as Google Authenticator come in.

What about this "app"?

Open source: Source Code


Data usage & privacy:

Status: More a side project by daten&bass and never, never a serious substition for a thorough password manager ... but it is better than writing down passwords or using the same login password combination for all websites (if it leaks once, it might be used everwhere else). DON'T do that. Especially protect/differentiate your password to your email account!

Example usage

As stated above: Please consider using a password manager first ...

As always: Follow rules for good passwords (e.g. use upper and lower case, numbers and special characters ...)

Remember: Although using "encryption" mechanisms here, the primary aim is not only to have strong encryption, but also as many and as random digits as possible ...

And of course: Don't use these examples ...

Example 1:

Example 2:

Example 3:

Example 4a:

So e.g. you might want to consider using one (fixed) password and as (changing) keys something related to each website.

Save to write down, different passwords for each website and yet easy to remember:

Example 4b:


Caesar & Vigenère: Only letters will be transformed.

Vigenère: The key only uses lower-case digits. Others will be filtered out and not used.

Reverse Word & Reverse Word: The order of the whole word (all digits of any kind) will be reversed.

* English only *

(This text section is only available in English)