Improve Your Password Security
The Naimuri password card is a simple, low tech solution that contributes to your password security.
How to use the card
The Naimuri password card is a plastic card that contains a standard 'qwerty' keyboard, with a random secondary letter in black on each key. Each card is unique.
 

Step 1 - Think of a secure, memorable password.

Step 2 - Substitute each letter of your memorable password for the black letter in the corner of the keyboard key. This becomes your new, stronger, scrambled password.

Step 3 - When you need to use your password you only need to remember the original, memorable password. You can use the card to recall the scrambled, more secure version using the same substitutions as in step 2.


For example, say you chose the password: "Perpetual"

Use the keyboard on the card to spell it and substitute each letter for the black letters on the card.

So, using the card shown, the password "Perpetual" becomes "Okfokwgcp". Your card will give a different result.


 





NOTE: THIS PASSWORD IS SIMPLIFIED FOR THE PURPOSES OF THE EXAMPLE. WE RECOMMEND YOU USE A COMPLEX, LONGER PASSWORD. KEEP READING FOR MORE INFORMATION.
How the card helps
When somebody tries to guess a password, there are several methods of doing so. One method, known as a 'brute force attack' simply tries every possible combination of letters, numbers and symbols until they guess or 'crack' the password.

In this attack scenario, all guesses are considered equal and a long or complex password could take a long time to guess, even with a very powerful computer.

In reality, however, an astute attacker knows that in order to remember your password, it is much more likely that you used real words in your password.

For this reason, instead of guessing every possible password, they will use combinations of dictionary words with common substitutions (such as substituting the letter 'E' for '3') to try to crack your password. If it's a targeted attack, it's likely that words, phrases, names and places relevant to you would be included high up in the list of words.

This is known as a 'dictionary attack' and is the main threat that the Naimuri password card is designed to protect against.

Put simply, by making your password long and random, it is harder to guess.
 
Frequently Asked Questions
 
I'm using this card, so I'm safe... right?
No. Unfortunately there is no easy or guaranteed solution for password security or security in general. In fact, there are many password options which are more secure than this card. Examples include: using a good password manager and a unique auto-generated password for every account and enabling 2 factor authentication where possible. For more information on good passwords, keep reading.
The aim of this card is to provide a low-tech, simple way to improve your security, and it is just one option.


 
Does this mean I can reuse the same password across accounts?
We recommend that you never reuse passwords across your accounts. This is because if one account password is compromised by an attacker, they will try the same password on other accounts.

Because we're human and most people can only remember between five and seven complex passwords, some security experts believe that it's acceptable to reuse the same passwords across less important accounts, i.e. those that contain no personal information or access.

This isn't the most secure method of managing passwords, but if you choose to do this, we suggest incorporating the name of the account or something about the account into your password, but scrambled with your password card. This will give an added layer of security as an attacker would still need to have your card to use a compromised password for another account.


 
What if I lose my card?
Each card is unique and, for security reasons, we don't store each card or who owns it, so unfortunately there is no way to recover it. It's a good idea to use a really strong password that you can remember without using the Naimuri password card for your primary email address, because you can recover most online accounts using the 'forgot password' method as long as you have access to your email address. Alternatively, make use of your email providers recovery options.

If you do lose your card, change your passwords immediately


 
What do you mean by a strong password?
There is a lot of research and advice about creating secure passwords and many experts believe passwords should be replaced altogether. Essentially, the basics are:

Don't use anything obvious or personal that somebody could guess with research (names of loved ones, pets, street you grew up on, favourite teams etc.).
Use complex combinations: mixed case letters, numbers and symbols.
Avoid common substitutions (E=3, A=@ etc.)
Make your password long. Many online services will insist on at least 8 characters, but if you go for 12 characters or more, your account will be more secure. Basically, the longer, the better.

Advice on passwords varies so it can be confusing. You need your password to be random and long, so it can't easily be guessed.
For more information, see the links below.


 
Does this mean I can write my passwords down?
We recommend that you don't write your passwords down. If you need to store it, you should use a secure password manager. If you do choose to write it down, don't write down the scrambled version. And don't keep the written passwords with your devices or wallet or this password card!

 
I don't have a card, but I really like it and would like one. How can I get one?
Currently, we're giving them out to friends and partners of Naimuri. We will likely be handing them out at conferences we attend, so look out for us. If you want to speak to us about the card, drop us a line at askus@naimuri.com.

 
Further Reading
 
If you'd like to know more, or still have questions, here are some places to look...

Cyber Aware - This is a government website aimed at educating people about cyber security, including passwords.
National Cyber Security Centre - The government cyber security authority, part of GCHQ. Their website offers advice and guidance on cyber security.
Naimuri Blog - Keep an eye on our blog for guidance, insights and thoughts on security.
Get Safe Online - An independent organisation offering advice and guidance on everything security.


If there's still something you'd like to know, just ask us at askus@naimuri.com






About us
 
We exist to create a world where any organisation can achieve perpetual forward motion and continuous competitive edge. Our dedicated approach to technology services, cyber and information security services and business change consultancy can help you achieve this through ever-evolving technology, culture and processes.

Find out more on our main website >>