they don't gain access to your bank account and your money as well. But, on the other hand, who would like to come up with dozens and dozens of different passwords? Moreover, if you ever lose access you key chain, how can you recover all your passwords?
`scat` is the solution to this problem. It allows you to safely generate for each website or service you suscribe to a unique password. All you have to do is remember a single, as strong as possible, password and, optionally, securely keep a long random code.
Passwords generated by `scat` are very secure and independant of each others. If by misfortune one of the generated password is compromised, all other passwords are still safe, and so is the password you used to generate them.
`scat` is a secure password generator. It does not replace your favorite secure key chain, but it should be seen as complementary to it. Use `scat` to generate a different password for each of the service you suscribe to, and use your key chain (such as [pwsafe][pwsafe] for instance) to keep the generated passwords.
However, as `scat` is fully deterministic, you can simply call it once more, to generate once again the exact same password, this time from another computer.
> **CAUTION** `scat` is not an excuse to use a weak password such as `pony1234`. Try to always use a strong password (that you can remember) with `scat`.
Using an extra code is completely optional but adds even more security to the system. If you want to have this extra security, just proceed as follows!
There are many ways to generate and store a suitable code. For instance, you can use a key such as [those provided by yubico][yubico-key], which can [generate and store static keys][yubico-static]. Be sure to use the maximal key size!
For this, all you need is two dice that you can differentiate (one red and the other black for instance) and a small piece of paper (for instance of credit card format).
For 25 consecutive rounds, throw the two dice, lookup the result in the table below and report it on the piece of paper.
You may want to put a dash between the various results, or any other separator, to increase readability.
Yet another solution would be to get a set of cards (a deck of 32 cards is sufficient). Shuffle it for some time, and then shuffle it again, just to be sure. Get a piece of paper and note down the order of the cards, using an abbreviation for each card. For instance, you can use `KS` for for the King of Spades and `10H` for the 10 of Heart. You can now either keep the piece of paper securely with you, or keep your set of cards in the same order always in your bag and starting over when you need the code!
If you still have access to the key chain on your computer, no big deal, just generate a new random code and change all your passwords when convenient. If you have ever lose your code, the only consequence is that you can not re-generate a previously generated password.
Now, if you lose access to both your key chain and your code, all your passwords are definitely lost. Sorry.
knowing which schema you used and able to test a billion password per second would have to wait approximately 50 million times *the age of the universe* to
guess your password correctly. So it's pretty safe.
Now, let's imagine for a second that an attacker gets to know one of your generated password.
This is pretty bad, but not as bad as having a single password. Imagine for a second the disaster if your attacker could directly access all your accounts!
Knowing a single generated password won't help your attacker much, it is still practically infeasable for them to get to your original password, so all of your other accounts are safe!