The Secret to Hack-proof Passwords Is…A Keyring

Steve Messer
3 min readJan 16, 2018


Still from Hackers (1995)

Password management. It’s the bane of a digital life. Can you remember a time when it wasn’t a hassle? Probably not, but these days when we’ve got multiple accounts to manage, and when the skills to learn how to hack are so easy to come by, a decent password manager could be a saving grace.

Back when I was a script kiddie in the late 90s, a young boy with an internet connection, hacking seemed like the coolest thing. I devoured forums for white-hat hackers, downloaded and studied archived BBS boards, and idolised Zero Cool, the cyberpunk protagonist of Hackers. Amongst all the bitmap graphics, the leather trousers, the exultation over a 28.8bps modem and teenage sexual tension in the film was a key lesson: don’t use simple passwords or digital natives will run amok.

So now that third-party scripts are reading your autofilled passwords and your password could be on a list of 320 million that were compromised, how can one sort out their cybersecurity?

A lo-fi solution

The p@ss Mark II (📷 N-O-D-E)

The p@ss Mark II password generator is small fob that fits on your set of keys. Four steel rings host a series of letter, number and special character combinations. By aligning sets of these combinations, you can generate and recall a password for any account, without the need for software.

It’s best used by coming up with a rule to generate passwords. For example, if you need a key for your email, simply line up the letters E, M, A, and I. Your password will be E:9M/A.1I:$. Or you could go one step further, choosing to only capitalise certain letters in the string – only vowels maybe. Finally, you can add these seemingly random characters to your current password, for a bit of added security.

Russtopia Labs, the maker behind the gadget, has created eight individual rings but supplies each order with only four. These can be arranged in any way you choose, and taken with you wherever you go.

It’s really simple to use and, as it’s offline, is much less prone to modern forms of attack. Of course, it’s not foolproof and is still prone to attack, but so is everything. But when I showed it to our sysadmin, they admired it for its simplicity and disconnected nature. I’ve been using the p@ss for 6 months now and find it really handy when moving between devices.

When online services are being toppled and techno-cinema history teaches us that simple passwords aren’t good enough, it’s an alternative way to stay secure.

Disclaimer: Nothing is hack-proof. Not really. You might be able to generate more algorithmically complex passwords with software, but they can all be figured out eventually.

Enjoyed this post? Tap 👏 to let your friends know