What is "Multi-Factor Authentication"
 . . . and why might you need it?

Almost without exception, today's Internet users prove their identity online using a fixed account name and password. In the past, this simple system provided sufficient security. But with the growing popularity of online banking and eCommerce, the value of stealing online identities has skyrocketed. And the increasing presence and "spyware" and "malware" on innocent users' computers means that users can be "watched" while logging onto their banking and other eCommerce sites. Once their logon credentials have been "captured" and stolen, Internet criminals can easily assume their identity.

The trouble with a username and password is that they never change. We create them, write them down or memorize them, then use them over and over again. What has been needed is an inexpensive system that provides something which changes everytime it is used. GRC's Perfect Paper Passwords system offers a simple, safe and secure, free and well documented solution that is being adopted by a growing number of security-conscious Internet facilities to provide their users with state-of-the-art cryptographic logon security.

• The form above defaults to, and these PPP pages describe, the "PPP Standard" system based upon 4-character passcodes drawn from a 64-character alphabet. Since this yields nearly 17 million possible passcodes occurring in a cryptographically unpredictable sequence, it delivers a highly-secure balance between security and convenience.
• By providing a 64-character hexadecimal sequence key and other optional customizing data, this page may be used to generate and print valid passcards for use with any compliant PPP implementation that lacks its own passcard printing facility.
• Many free and open source implementations of this PPP system are currently available, and more are on the way. GRC offers a complete and free (though not open source) PPP CryptoSystem implementation for Windows platforms, and other open source solutions are already available for Windows, Mac, Linux, and Java-equipped cell phones. The "PPP Software" page provides further details.
• GRC employees are using this system to enable their own secure roaming access to GRC's private corporate network.
• One of the values of this system compared with hardware authentication credential tokens, is that it supports fully local "TNO" (Trust No One) authentication without relying upon any third parties or third-party relationships. This PPP secure authentication system will appear in GRC's future commercial "CryptoLink™" product to offer secure roaming access features to individual users and corporations.
• Everything is free: (Although GRC's code is not open source.) To further document and promote the use of this system, GRC has made a Windows implementation of the entire PPP CryptoSystem freely available for download and use. It is our sincere hope that other Internet sites and services will adopt this, or a similar system, to help protect Internet users by employing secure authentication technologies such as this.