In my first post, The password as a security token – Concept, I discussed using a password as the “what you have” part of two-factor authentication. Today, I’ll outline how to implement a simple way to do that.
First, create a strong password at least eight characters long. It doesn’t have to be easy to remember because you will write it down and carry it with you. You can use GRC’s Ultra High Security Password Generator to get some really random characters like these: tyL&FG.3
Write this password down and carry it with you. This is your token.
Now, you simply create new passwords or change your existing ones to include the token at the beginning or the end. Your new passwords need not be more than four or five characters long and can be something that you’ll easily remember, or you can safely write them down.
You could also have more than one token, perhaps one that you use only for your financial accounts and one that you use for email.
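The steps above, as an added example that is not part of the original post: it generates a token of at least eight characters and places it at the beginning or end of a short memorable part, with one token per account group. It assumes Python's `secrets` module in place of GRC's generator; the account names and memorable parts are constructed sample values.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_token(length=8):
    """Return a random token drawn from the OS CSPRNG.

    Draws are repeated until every character class appears, since many
    sites reject passwords that lack one of them.
    """
    if length < 8:
        raise ValueError("the post calls for at least eight characters")
    while True:
        token = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in token) for cls in CLASSES):
            return token


def token_entropy_bits(length=8):
    """Upper bound on token entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


def compose(token, memorable, token_first=True):
    """Build the account password: token at the beginning or the end."""
    return token + memorable if token_first else memorable + token


def build_passwords(tokens, accounts):
    """Map account -> password; `accounts` is {name: (token_name, memorable)}."""
    return {name: compose(tokens[tok], mem)
            for name, (tok, mem) in accounts.items()}


if __name__ == "__main__":
    # Constructed sample data: two tokens, as the post suggests.
    tokens = {"financial": generate_token(), "email": generate_token()}
    accounts = {"bank": ("financial", "blue7"), "webmail": ("email", "kite4")}
    for name, pw in build_passwords(tokens, accounts).items():
        print(f"{name}: {pw}")
    print(f"token entropy <= {token_entropy_bits():.1f} bits")
```

The entropy figure is an upper bound for the token alone; the short memorable part adds little, so the written-down token carries most of the password's strength.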