CodeBlocks

Wednesday 3 April 2013

Creating dynamic account passwords

One of the worst things about the online world is passwords. Not just that you have to have a password, but that you need one for almost everything nowadays. Worse yet, every account should have a different password (not that most people do that), and when you do use different ones, you can never remember which one you used where.

The thing is, most people reuse the one (also crappy) password they have[1]. This means that if someone cracks your password they get everything, provided they can find where it is used. People do it because a strong password is damn hard to remember without writing it down: it contains uppercase, lowercase, numbers and special characters and looks something like 2cf@#dba5Fb0. No one will remember a password like that, let alone one for every site, so people opt for a more comfortable approach. This is probably why the most common passwords last year were:
  • password
  • 123456
  • 12345678
  • jesus
  • ninja
  • mustang
  • password1
And sometimes, to "strengthen" it, they add some numbers at the end (usually their birthday), turning ninja into ninja24. To a computer that adds almost no extra complexity: appending a few digits to a dictionary word is one of the first mangling rules any cracking tool tries.

But what if I told you that creating a different secure password for every site is quite easy? In fact you don't even have to remember your passwords. You will have to remember a few things, since what we're going to do is re-generate your password every time you use it. For this we need two things, and those two are what you will have to remember: a pass phrase (think of your current password) and a formula.

How does it work?

Every time we log into a site we use our pass phrase + formula to create our password. The formula ensures the password is different for every site; the pass phrase is the secret that lets us regenerate it.

The formula stays the same all the time, but everybody can use a different formula. I'm going to show you how a formula works and how you can create your own simple formula.

Going through the formula

The formula is simple: we generate a set of strings or characters and add them to our existing pass phrase.

For this example I'm going to generate a password for Facebook.

So the first thing I need is a pass phrase. I suggest you look up a word in a dictionary, then generate a random number from 10 to 100 and append it. For this example let's go with the pass phrase cold25.

So let's first check how strong cold25 is, according to a few online checkers:
PasswordMeter: 30%, Weak
Secure Password: 0.54s to crack
Strength Test: Very Weak
MS Password Checker: Weak

Step 1
So that pass phrase is crap. But we're not going to use it as our password. To make it more secure, first take the first part of the website's name (or the last part, or the whole name) and stick it onto our pass phrase (at the front, at the end, or in the middle after 2 or 5 characters). I'm going to stick it on the back.

Step 2
That gives us cold25Face. Already better, plus every site will have a different password! But the "Face" kind of gives away a hint. So let's shift our keys a bit: when you type "Face", move your fingers one key to the left or right, or up, or down, or cycle through the directions (you can apply the same to the digits). Let's go to the right:

If you reach the edge of the keyboard, make your own rule: wrap around, move back, stay put, or whatever.

The result: cold25Gsvr
Let's see how strong that is:

PasswordMeter: 72%, Strong
Secure Password: 6 billion years to crack
Strength Test: Reasonable
MS Password Checker: Medium
Already looking much better, and for that extra complexity we didn't really do anything. But we can do more:

Step 3
Let's put our website data (Face) in all caps, or the pass phrase.
cold25GSVR
Now let's use our numbers (25) as the digits 2 and 5, take the length of the website data (Face), which is 4, and add it to each digit: 2+4=6, 5+4=9. Use those numbers to pick special characters, i.e. the shifted symbol on that digit key. If a number reaches 10 or more, wrap around (use just the last digit) or backtrack the remainder on the keyboard.
6 = ^
9 = (

And I'm going to append the key that most (or least) lines up with each of those on the keyboard, and do the same for the length digit of the website data (4),
giving us: ^(bc,

And stick it to the end creating:
cold25GSVR^(bc,

And this gives us a new password strength of:
PasswordMeter: 100%, Strong
Secure Password: 4 trillion years to crack
Strength Test: Strong
MS Password Checker: Strong

Example Formula
So the formula we used was: (pass phrase) + allcaps(shift 1 right(first syllable of web address)) + (special chars from (pass phrase digits + length of website data)) + (the keys they line up with best).

So using that formula let's create a password for Gmail:
  1. cold25H<SO: (caps + shift keys to the right)
  2. cold25H<SO:&) (2+5=7 = "&", 5+5=10 wraps to 0 = ")")
  3. cold25H<SO:&)n.v (add the keys they line up with: n.v)
And how strong is that password?
PasswordMeter: 100%, Strong
Secure Password: 412 trillion years to crack
Strength Test: Strong
MS Password Checker: Strong
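The three steps above and the Gmail walk-through, implemented as an added example in Python; this is not the blog author's code. The US QWERTY row tables, the wrap-around choice at the edge of a row and the key_below() rule for the post's "key that lines up with it" step are my assumptions (the post leaves that last step to the reader, so the final three characters come out as n.v and m/b instead of the post's bc, and n.v); the shift, all-caps and special-character steps reproduce the post's values exactly. The last function, recover_passphrase(), shows why the closing caveat about the formula being crackable matters.

```python
"""Pass phrase + formula password generator (added example, not the post's own code).

Assumptions: a US QWERTY layout (ROWS), wrap-around at the right edge of a
row, and key_below() as the rule for the post's "key that lines up with it"
step, which the post leaves to the reader.
"""

ROWS = [
    "`1234567890-=",   # number row
    "qwertyuiop[]\\",  # top letter row
    "asdfghjkl;'",     # home row
    "zxcvbnm,./",      # bottom row
]

# Shifted form of every symbol key; letters are handled with str.upper().
SHIFTED = dict(zip("`1234567890-=[]\\;',./", "~!@#$%^&*()_+{}|:\"<>?"))


def shift_right(text, wrap=True):
    """Step 2: move every character one key to the right ('Face' -> 'Gsvr').

    At the right edge of a row we wrap to the row's first key (or stay put if
    wrap=False), mirroring the post's "make your own edge rule".  Characters
    that are not on the layout are passed through unchanged.
    """
    out = []
    for ch in text:
        low = ch.lower()
        for row in ROWS:
            if low in row:
                i = row.index(low)
                new = row[i + 1] if i + 1 < len(row) else (row[0] if wrap else low)
                out.append(new.upper() if ch.isupper() else new)
                break
        else:
            out.append(ch)
    return "".join(out)


def all_caps(text):
    """Step 3: upper-case letters and use the shifted symbol for symbol keys (',' -> '<')."""
    return "".join(SHIFTED.get(ch, ch.upper()) for ch in text)


def digit_to_special(n):
    """Shifted symbol on a digit key (6 -> '^'); 10 or more wraps to the last digit (10 -> 0 -> ')')."""
    return SHIFTED[str(n % 10)]


def key_below(n):
    """ASSUMED rule for the post's 'key that lines up with it': the bottom-row
    key in the same column as the digit key (6 -> 'n')."""
    col = ROWS[0].index(str(n % 10)) - 1          # '1' sits in column 0
    return ROWS[3][min(col, len(ROWS[3]) - 1)]


def make_password(passphrase, site, length=4):
    """Post's formula: pass phrase + allcaps(shift_right(site token))
    + specials from (pass phrase digits + token length) + keys below them."""
    token = site[:length]                           # e.g. 'Face' from 'Facebook'
    digits = [int(d) for d in passphrase if d.isdigit()]
    nums = [d + len(token) for d in digits]         # 2+4=6, 5+4=9
    specials = "".join(digit_to_special(n) for n in nums)
    below = "".join(key_below(n) for n in nums + [len(token)])
    return passphrase + all_caps(shift_right(token)) + specials + below


def recover_passphrase(leaked, site, length=4):
    """Why the closing caveat matters: with one leaked password, the site name
    and the formula, the site-derived part can be stripped off and the pass
    phrase recovered, after which every other site's password follows.
    Returns None if the leaked password does not fit the formula."""
    for cut in range(1, len(leaked)):
        candidate = leaked[:cut]
        if make_password(candidate, site, length) == leaked:
            return candidate
    return None


if __name__ == "__main__":
    fb = make_password("cold25", "Facebook")           # cold25GSVR^(n.v
    gm = make_password("cold25", "Gmail", length=5)    # cold25H<SO:&)m/b
    print(fb, gm)
    print("recovered:", recover_passphrase(fb, "Facebook"))
```

Run it and compare the Facebook output with the post's cold25GSVR^(bc,: everything up to and including ^( matches, and only the assumed key_below() part differs. recover_passphrase() needs no cracking at all, just knowledge of the formula and one password, which is the point of the caveat at the end of the post.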

You can decide the complexity of your own formula: how many steps you want and which ones. As you saw, just by going to cold25GSVR we already improved our password significantly, and every site gets a different password. I'm pointing this out because I know most of you will be too lazy to do anything extra.

If you want to create your own formula, just change the rules I used and the order I used them in. For example, first do the special characters (^(bc,), then the pass phrase (cold25) and then the caps + key-shifted web address (GSVR), creating "^(bc,cold25GSVR". Or just use this as a starting point for creating your own formula.

Now the password isn't perfect and using a formula isn't perfect either. The formula can easily be cracked by experts: the strength meters above only measure how a blind guesser would fare, and once one of your passwords leaks in a site breach together with the site name, the pass phrase and the formula can be worked out and applied to every other site. Still, it gives an additional layer of security over reusing one password everywhere.
