You may be familiar with the idea of Qwertycards: essentially, a credit-card-sized substitution cipher that you can use to create strong passwords by combining the cipher with a fixed salt (the "space-bar code") and a dynamic salt ("your secret").
Qwertycards are a neat idea. I wanted to be able to make my own and try it out without having to drop the five bucks and wait for shipping. You can skip the discussion and just try my implementation by dropping to the form below.
I immediately saw a couple of usability weaknesses with the basic product.
The fixed code is too long; many sites have a length limit on their passwords, as little as 8 characters.
The fixed code contains symbols. Many sites require passwords to be strictly alphanumeric.
Having a single physical artifact by which your passwords could be recovered seemed like a terrible idea.
To address these problems, my implementation differs from Qwertycards' in the following ways:
"Space code" is strictly alphanumeric.
Substitution has alphanumeric alternatives.
Fixed code is 6 characters (entropy: 35.72 bits). In constrained password situations, down to eight characters, you take the difference between the maximum length and 6, and divide that space evenly between your secret and the encoded site name.
A passphrase is required to generate the cipher and space password.
Source is reasonably small, well commented, and is everything below res/. Stuff below lib/ is not my work.
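One way to implement the passphrase-derived card and the length budget described above, as an added example that is not the code under res/. The scrypt call with a constant demo salt, the function names, the part ordering and the handling of an odd leftover character are all assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const ALNUM = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const KEYS = 'abcdefghijklmnopqrstuvwxyz0123456789'; // site-name characters the card encodes
const CODE_LEN = 6; // fixed "space code" length from the post

// Assumption: scrypt with a constant demo salt turns the passphrase into a
// deterministic byte stream, so the same passphrase always rebuilds the same card.
function deriveCard(passphrase) {
  const stream = nodeCrypto.scryptSync(passphrase, 'card-demo-salt', 256);
  let pos = 0;
  const pick = () => {
    // Rejection sampling: 248 = 4 * 62, so bytes >= 248 are dropped to keep
    // every alphanumeric character equally likely (no modulo bias).
    while (pos < stream.length) {
      const b = stream[pos++];
      if (b < 248) return ALNUM[b % ALNUM.length];
    }
    throw new Error('key stream exhausted');
  };
  const spaceCode = Array.from({ length: CODE_LEN }, pick).join('');
  // Assumption: each key gets an independent substitute (not a permutation).
  const table = {};
  for (const k of KEYS) table[k] = pick();
  return { spaceCode, table };
}

// Assumed ordering: space code, then secret, then encoded site name.
// With maxLen set, the room left after the 6-character code is split evenly;
// an odd leftover character goes to the secret (assumption).
function buildPassword(card, secret, site, maxLen) {
  let encoded = '';
  for (const c of site.toLowerCase()) if (c in card.table) encoded += card.table[c];
  if (maxLen === undefined) return card.spaceCode + secret + encoded;
  const room = maxLen - CODE_LEN;
  if (room < 2) throw new RangeError('limit leaves no room for secret and site');
  return card.spaceCode + secret.slice(0, Math.ceil(room / 2))
    + encoded.slice(0, Math.floor(room / 2));
}

// Entropy of a uniformly chosen 6-character alphanumeric code: 6 * log2(62) bits.
const fixedCodeBits = () => CODE_LEN * Math.log2(ALNUM.length);
```

The 6 * log2(62) figure only holds if the code is drawn uniformly, which is why the rejection step matters. Because the card is regenerated from the passphrase, its effective strength is also capped by the strength of that passphrase.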
You can now print this card by pressing <Ctrl+p>
If you generated the password, you can copy it to put it somewhere safe by hovering your mouse over it.