(please fix this if I am doing it wrong)
I can't quite make it fit the theme, but it seems more potentially useful than my "count your blessings" idea.
This is a tough call as I am gone abroad for the holidays, but I figure I ought to be able to fall back to a web based service option.
Application Name | Permanent Persistent Toothbrush (codename, for now) |
Version | none yet |
Short Description | Phase 1: generates passwords that are both strong and easy (for 1 person) to re-create. |
Supported OSes | not sure yet, could be web based only |
Download Link | |
Author | |
The premise:
We all have to come up with a phenomenal number of passwords both online and offline. More than we can remember. Current solutions are:
1) use the same 2-3 usernames and 2-3 passwords. Rather insecure in that once someone has one
2) use a strong password generator, and store these in a password manager. More secure but has a single point of failure
3) central ID systems like openID - great, but not widely used
I always preferred finding passwords that were easy to remember/trigger but strong. Then all I would need is a reminder manager - no need to store my passwords, just reminders that are only useful to me.
The key idea is that we remember sentences and stories far better than we remember random combinations of characters. And we remember patterns/processes fairly well too.
I will give an example - say I am joining the book site librarything.com and I need a password.
I start with the trigger "book", the program will then find a poem or quote about books (if it can) in its database (not sure whether I will store it all or use openly available content sites online in the background).
Books to the ceiling
Books to the sky
My piles of books are a mile high
How I love them
How I need them
I'll have a long beard by the time I read them
~Arnold Lobel
or
Outside of a dog, a book is a man's best friend. Inside a dog, it's too dark to read -- Groucho Marx
Now several passwords can be generated, but by either taking a sub sentence or first letters of words, swapping 2 to numbers and swapping 2 to upper case, you have a strong password.
And strangely enough, it is easier to remember this whole sequence than it is to remember something like "1aD1tDtr" or "Ih4lbbttIrt", and a trigger such as "outside of a dog" or "books to the ceiling" can be all you need even after not using it for a year.
The name comes from a memorable quote:
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
The plan:
Phase 1: password + password reminder generator
- keyword/topic based database of quotes and poems
- supports constraints such as length, number of uppercase or digits required
- option to search online in open content
- supports the option for multiple language-specific source databases
- can save and export lists of generated passwords
Phase 2: reminder manager
either: (maybe, not happening within NANY): web widget to show password reminders on website log in forms - javascript bookmarklet perhaps?
or: (maybe, not happening within NANY): modification of open source password manager to be a reminder manager.
Feedback more than welcome, even if it is "don't bother, already been done, can't be useful"
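The derivation described in the post (first letters of the words, two swapped to digits, two swapped to upper case, with Phase 1 style constraints) could look like the sketch below. It is an added example, not code from the post's author; the `LEET` table and the names `initials`, `derive` and `satisfies` are assumptions made for illustration.

```python
import re
import secrets

# Look-alike digit swaps. This table is an assumption of the example;
# the post only says "swapping 2 to numbers".
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}

def initials(quote):
    """First letter of every word, lowercased ("it's" counts as one word)."""
    return [w[0].lower() for w in re.findall(r"[A-Za-z][A-Za-z']*", quote)]

def satisfies(password, min_len, digits, uppers):
    """Check the constraints listed for Phase 1: length, digits, upper case."""
    return (len(password) >= min_len
            and sum(ch.isdigit() for ch in password) >= digits
            and sum(ch.isupper() for ch in password) >= uppers)

def derive(quote, digits=2, uppers=2, min_len=8, rng=None):
    """Build one candidate password from a quote.

    Positions to alter are drawn from the OS CSPRNG by default, so the
    candidate is not predictable from the (public) quote alone.
    """
    rng = rng or secrets.SystemRandom()
    chars = initials(quote)
    if len(chars) < min_len:
        raise ValueError("quote has too few words for the requested length")
    swappable = [i for i, c in enumerate(chars) if c in LEET]
    if len(swappable) < digits:
        raise ValueError("not enough letters with a look-alike digit")
    digit_pos = set(rng.sample(swappable, digits))
    remaining = [i for i in range(len(chars)) if i not in digit_pos]
    if len(remaining) < uppers:
        raise ValueError("not enough letters left to upper-case")
    upper_pos = set(rng.sample(remaining, uppers))
    out = []
    for i, c in enumerate(chars):
        if i in digit_pos:
            out.append(LEET[c])
        elif i in upper_pos:
            out.append(c.upper())
        else:
            out.append(c)
    return "".join(out)

if __name__ == "__main__":
    quote = "Inside a dog, it's too dark to read"  # quote taken from the post
    candidate = derive(quote)
    print(candidate, satisfies(candidate, 8, 2, 2))
```

The reminder to store is the trigger phrase plus which positions were altered; the quote itself is public text, so the altered positions and the choice of quote carry the unpredictability.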