I want a password generator that I can remember. In most cases I will have my phone or computer that can be used to regenerate the password. However, I don't want to be so reliant on these tools for this. It would be great if I had a system that worked outside of the virtual world too. I want to be able to regenerate the password with pencil and paper if I need to. What I need is a substitution cipher and a secret or two.
For example, let's say the secrets about the password are that 1) it uses the substitution cipher on the domain name and 2) it appends a memorable suffix. For "yahoo.com" the substitution cipher gives "012330331", the suffix is "MainSt", and so the password is "012330331MainSt". This is a fairly good password. It is not a dictionary word and it contains a mixture of numbers and letters of different case.
The cipher is made by arranging the letters of the alphabet in a grid. The substitution is obtained by finding the letter in the grid and recording its cell position – choosing the x and y or perhaps just one dimension as done here. Any character not in the grid is replaced with 0. The grid used for the cipher above is
The grid is 4 rows of 6 columns with the alphabet filling the cells from left to right and top to bottom. The column numbers are the substitutions. This is not a very good substitution cipher, however; it is shown here simply to have a clear example. The following grid is better, as the alphabet fills the cells in a way that is non-obvious but, for me, easily remembered.
The "yahoo.com" substitution is "012440243".
A hacker might try using a substitution cipher on your password, but it would take them up to 40,353,607 guesses: there are 7 replacement digits (0 through 6) for each of the 9 characters in the domain name, i.e. 7^9. Even then they still would not have the secret suffix. Further, well before 40,353,607 login attempts Yahoo! would have locked out the account.
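The scheme described above as a short JavaScript sketch, added here as an illustration and not code from the original post. It reproduces the plain 4 by 6 grid, the "MainSt" suffix and the 7^9 count from the text, and it takes the grid fill order as a parameter so a non-obvious ordering can be supplied instead. The function names and the lower-casing of the input are assumptions of this example.

```javascript
// Added example: the column-number substitution described in the post.
// Function names and the case-folding rule are assumptions of this sketch.

// Build a letter -> column-number map from a grid fill order.
// `order` lists the letters in the sequence they fill the cells,
// left to right, top to bottom; columns are numbered from 1.
function buildColumnMap(order, rows, cols) {
  const map = new Map();
  const cells = Math.min(order.length, rows * cols);
  for (let i = 0; i < cells; i++) {
    map.set(order[i], (i % cols) + 1);
  }
  return map; // letters that do not fit in rows * cols cells are absent
}

// Replace each character with its column number;
// any character not in the grid becomes 0.
function substitute(text, map) {
  return Array.from(text.toLowerCase(), (ch) => String(map.get(ch) ?? 0)).join("");
}

// Password = substituted domain name + memorable secret suffix.
function generatePassword(domain, suffix, map) {
  return substitute(domain, map) + suffix;
}

// Upper bound on guesses as counted in the post:
// (columns + 1) possible digits for each character.
function guessSpace(cols, length) {
  return (cols + 1) ** length;
}

const ALPHABET = "abcdefghijklmnopqrstuvwxyz";
// 4 x 6 = 24 cells, so "y" and "z" fall outside the grid and map to 0.
const plainGrid = buildColumnMap(ALPHABET, 4, 6);

console.log(substitute("yahoo.com", plainGrid));
console.log(generatePassword("yahoo.com", "MainSt", plainGrid));
console.log(guessSpace(6, "yahoo.com".length));
```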
I am not sure if I will use this technique just yet. It has all the characteristics I want. It is also easily coded as a bookmarklet or web application and an iPhone application.
If you know of similar password generators or better ones please send me a note.
Update: I like the ideas behind the password card at http://www.passwordcard.org/