If you use the same password on multiple websites, you may be in for some
trouble.
Say your password for website badwebsite.com is
the same as the password for goodwebsite.com. Now if the website badwebsite.com gets
compromised (or the owner is malicious to start with), they’ll know your password.
Chances are that your username is the same (email address) for both websites, so
the badwebsite.com people can easily log in to your goodwebsite.com account
and impersonate you.
Yeah, there are quite a few reliable Password Managers that
serve as a strong room for your complex passwords, but they require you to
install specific software on the computer. What do you do when you want to
check your web email on a different computer where you do not have your
security tools installed and you do not remember your secure, random, email
password?
In addition, I doubt you can memorize all your passwords for
each and every website, if they are secure from brute-forcing and unique, that
is.
Write your passwords down on paper
What I am trying to solve is to give users a simple way of
generating strong passwords unique to every website they visit using just a
piece of paper, credit card-sized, that you can carry in your wallet.
What you need is just a piece of paper that has a unique (per card)
combination of secret letters to help you create a unique password for each
website. You may use the RAND() function in an Excel spreadsheet to generate
unique password cards.
To create a password, take each letter of the
website you want to create a password for and then take the corresponding code
from the table. For example, if you want to create a password for
www.amazon.com, it would be:
1st letter is a -> a (Column 2, Row 1)
2nd letter is m -> jv (Column 7, Row 2)
3rd letter is a -> AN6
4th letter is z -> xs7
5th letter is o -> enb
So the password for your Amazon website becomes ajvAN6xs7enb.
You can optionally (make sure you do this with all your
passwords) intertwine the generated password with a memorized password: it
could be the city name where you were born, your childhood hero, the name of your
favorite author or anything memorable.
For instance, if you were born in Philadelphia, the password
for Amazon.com would be ajvAN6xs7enb intertwined with Philadelphia: PahjviAN6lxs7aenbdelphia.
This would ensure that your identity consists of something you know
(Philadelphia) and something you have (the paper password card).
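
The card scheme above as an added example (not code from the original post): it fills the card from Python's `secrets` CSPRNG instead of the Excel RAND() function, which is not a cryptographic generator, then derives and intertwines a site password. The card layout (one row per letter position, one column per letter, five rows, cells of 1 to 3 characters) and all function names are assumptions, since the post's table is not reproduced here.

```python
import secrets
import string

CELL_CHARS = string.ascii_letters + string.digits  # characters a cell may contain
ROWS = 5  # assumption: one row per letter position; the post's example uses 5 letters


def make_card(rows=ROWS):
    """Build a card as a list of rows, each mapping a-z to a random 1-3 character code."""
    card = []
    for _ in range(rows):
        row = {}
        for letter in string.ascii_lowercase:
            length = 1 + secrets.randbelow(3)  # CSPRNG, unlike a spreadsheet RAND()
            row[letter] = "".join(secrets.choice(CELL_CHARS) for _ in range(length))
        card.append(row)
    return card


def site_codes(card, site_name):
    """Look up one code per letter of the site name (e.g. "amazon"); row = letter position."""
    letters = [c for c in site_name.lower() if c in string.ascii_lowercase]
    return [card[pos][letter] for pos, letter in enumerate(letters[:len(card)])]


def interleave(memorized, codes):
    """Alternate memorized letters with card codes; leftovers of either side are appended."""
    out = []
    for i in range(max(len(memorized), len(codes))):
        if i < len(memorized):
            out.append(memorized[i])
        if i < len(codes):
            out.append(codes[i])
    return "".join(out)


if __name__ == "__main__":
    card = make_card()
    # Constructed cells: pin the five values quoted in the post so the output matches it.
    for pos, (letter, code) in enumerate(zip("amazo", ["a", "jv", "AN6", "xs7", "enb"])):
        card[pos][letter] = code
    codes = site_codes(card, "amazon")
    print("".join(codes))
    print(interleave("Philadelphia", codes))
```
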
Even if a malicious administrator of website badwebsite.com retrieves
your password for that website, they cannot impersonate you on, say, PayPal or
Amazon because you aren’t reusing passwords anymore.
It would be a bit cumbersome if you had to use it to type
in passwords each time, but when used in conjunction with the everyday “remember
password” feature found in every browser, you get extra security at the cost of
just a tiny bit of real estate in your wallet.
Security involves trade-offs, in this case between
usability, portability and robustness against collusion or more sophisticated
attacks. Arguably though, for a vast majority of people, this is more realistic
than carrying an electronic password generator.