Saturday, July 21, 2012

Password Management

The Problem:

  • Using the same password on multiple websites is known to be insecure.
  • Creating and remembering a different password for every website is difficult.

Solution:

My solution requires remembering two pieces of information:
  1. A single secure key.
  2. A simple string hashing function.
When registering for a website, generate your password by applying your hashing function to the domain name of the website (ignoring the top-level domain) and appending the output to your secure key. Voilà, you now only need to remember O(1) bits of information instead of O(N) to register N websites.

Example:

Step 1: generate and remember a single secure key. Let's say my key is now "0vDga5".
Step 2: generate and remember a string hashing function. Here is an example of a function to create a three character hash:
  • Character 1: The first letter of the string.
  • Character 2: The length of the string.
  • Character 3: The last letter of the string.
Now when registering an account on the following websites, my password would be:

gmail.com: 0vDga5g5l
imdb.com: 0vDga5i4b
a.ca: 0vDga5a1a
subdomain.domain.xyz: 0vDga5d6n
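
The scheme above as a short Python sketch (an added example, not code from the original post). It reproduces the four passwords listed and also groups domains whose derived passwords come out identical. The function names and the sample domain `grail.example` are made up for illustration, and the TLD is assumed to be a single label.

```python
from collections import defaultdict

SECURE_KEY = "0vDga5"  # the example key from the post


def site_label(domain: str) -> str:
    """Return the label just left of the top-level domain.

    Assumption: the TLD is a single label, so multi-label suffixes such as
    'co.uk' are not handled. Subdomains are ignored, as in the post's example.
    """
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a domain name with a TLD: {domain!r}")
    return labels[-2]


def three_char_hash(label: str) -> str:
    """First letter, length, last letter, as in the post's example function.

    Labels of ten or more characters yield a two-digit length.
    """
    return f"{label[0]}{len(label)}{label[-1]}"


def derive_password(domain: str, key: str = SECURE_KEY) -> str:
    """Secure key followed by the hash of the site label."""
    return key + three_char_hash(site_label(domain))


def shared_passwords(domains):
    """Group domains whose derived passwords are identical."""
    groups = defaultdict(list)
    for d in domains:
        groups[derive_password(d)].append(d)
    return {pw: ds for pw, ds in groups.items() if len(ds) > 1}


if __name__ == "__main__":
    for d in ["gmail.com", "imdb.com", "a.ca", "subdomain.domain.xyz"]:
        print(f"{d}: {derive_password(d)}")
    # Constructed sample: 'grail' shares first letter, length and last
    # letter with 'gmail', so both sites get the same password.
    print(shared_passwords(["gmail.com", "grail.example", "imdb.com"]))
```

Every derived password starts with the full secure key, and the suffix depends only on three properties of the site name, so distinct sites can end up with the same password.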