DonationCoder.com Software > N.A.N.Y. 2009

NANY 2009 Withdrawn (sorry): Iphi's Memorable Passwords

(1/4) > >>

iphigenie:
(please fix this if i am doing it wrong)
I can't quite make it fit the theme, but it seems more potentiall useful than my "count your blessings" idea.
This is a tough call as I am gone abroad for the holidays, but I figure I ought to be able to fall back to a web based service option.

Application NamePermanent Persistent Toothbrush (codename, for now)Versionnone yetShort DescriptionPhase 1: generates passwords that are both strong and easy (for 1 person) to re-create.Supported OSesnot sure yet, could be web based onlyDownload LinkAuthor 
The premise:

We all have to come up with a phenomenal number of passwords both online and offline. More than we can remember. Current solutions are:
1) use the same 2-3 usernames and 2-3 passwords. Rather insecure in that once someone has one
2) use a strong password generator, and store these in a password manager. More secure but has a single point of failure
3) central ID systems like openID - great, but not widely used

I always preferred finding passwords that were easy to remember/trigger but strong. Then all I would need is a reminder manager - no need to store my passwords, just reminders that are only useful to me.

The key idea is that we remember sentences and stories far better than we remember random combinations of characters. And we remember patterns/processes fairly well too.

I will give an example - say I am joining the book site librarything.com and I need a password.

I start with the trigger "book", the program will then find a poem or quote about books (if it can) in its database (not sure whether i will store it all or use openly available content sites online in the background).

Books to the ceiling
Books to the sky
My piles of books are a mile high
How I love them
How I need them
I'll have a long beard by the time I read them

~Arnold Lobel

--- End quote ---

or

Outside of a dog, a book is a man's best friend. Inside a dog, it's too dark to read -- Groucho Marx
--- End quote ---

Now several passwords can be generated, but by either taking a sub sentence or first letters of words, swapping 2 to numbers and swapping 2 to upper case, you have a strong password.

And strangely enough, it is easier to remember this whole sequence than it is to remember something like "1aD1tDtr" or "Ih4lbbttIrt", and a trigger such as "outside of a dog" or "books to the ceiling" can be all you need even after not using it for a year.

The name comes from a memorable quote:

Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
--- End quote ---

The plan:

Phase 1: password + password reminder generator

- keyword/topic based database of quotes and poem
- supports contraints such as length, number of uppercase or digits required
- option to search online in open content
- supports the option for multiple language-specific source databases
- can save and export lists of generated passwords

Phase 2: reminder manager

either: (maybe, not happening within NANY): web widget to show password reminders on website log in forms - javascript bookmarklet perhaps?
or: (maybe, not happening within NANY): modification of open source password manager to be a reminder manager.

Feedback more than welcome, even if it is "don't bother, already been done, cant be useful" :D

iphigenie:
Note: This is very much an exercise for me, and not that easy, as in the past 2 years I have mostly told other people what/how to build applications, and not written much myself beyond refactoring, I dont know how to start something from scratch anymore! I have no idea where I am going with this at the moment, hopefully having taken a step I will force myself through that feeling of reluctance into actually doing something, even something ugly.

Even though I am unlikely to take a job where I am that hands on anymore, it's good for me not to loose touch.

Perhaps I should call it Persistent Toothbrush - a more geeky name :D

iphigenie:
I will try to post my progress/ideas/thoughts here - this is because I learn a lot by doing, and reading of others doing - and I learn most by my mistakes. But most tutorials, work diaries etc. are expunged of all the dead ends, mistakes etc.

I figure all my mistakes will probably be more useful to someone than my final solution (I have no illusion of being anything special when it comes to produced code), and besides, if I don't finish anything at least I will have shared something :D

Oh and any comments increase motivation  :-*

app103:
Rather than a quote or poem, I like using lines of lyrics from obscure songs.

And there are plenty of lyrics databases on the web that you could draw from, with many of them accepting user submissions and expanding in size, daily. You will never run out of song lyrics to base them on. A lot of them are even used in various media player plugins to display lyrics of currently playing song.

You could start with a base word(s) supplied by the user, and find songs containing that word in the title. Allow the user to select a song from a list and load the lyrics, and at the end of every line, present a password made from that line of lyrics, color coded from red to green, representing the strength of that password.

This will give the user a lot of choices from a single song and show them how good one phrase is over another.

And here is another name idea, based on the song lyrics concept:



edit: attached image + name idea

Perry Mowbray:
What a great idea: and you're right, I use RoboForm but the main entry point would be easy to break.

I need a little clarification though: after selecting the Title/Lyric/etc is there only one possible password returnable? That is, do you set up a generation rule, like:

* Pattern: aANSNNAA
* Min Characters: 6
* Max Characters: 8
* Repeat: True
and your selected phrase, etc is passed through that rule to create a password??

Navigation

[0] Message Index

[#] Next page