Saturday, April 9, 2016

My idea about creating strong passwords which can't be lost and are easily accessible.

Memorizing a long password isn't trivial. Changing a password is also difficult. My idea is that instead of memorizing a long, complicated password, what if we calculated a hash of a piece of text which is always available somewhere?

Say we have a favorite, or not necessarily favorite, book, movie or song. It can be in English, Chinese or Spanish, regardless of what our native language is, so long as we're comfortable understanding it. We take one phrase from that book, movie or song and calculate its SHA-3 hash. And Bob's your uncle, that's our password.

Note that we don't have to remember the whole phrase or phrases. We only need to remember which hash algorithm we've applied and where that piece of text is located: the name of the book or song or whatever it may be. Then when we need to restore a password, we go to the Internet or wherever the text is stored, for example, on our USB flash drive, take it and calculate a hash from it, and the password is restored.

To make it more secure, we could:
  - Take a few sequential phrases and mix them or take them non-sequentially.
  - Add noise to it, for example, "@" at the beginning and "#" at the end, and that'll completely change the hash or the password.


How is it better than memorizing a long password?
In this approach we don't have to memorize the whole string that is the password. We merely have to memorize where to get that piece of text and how to calculate the password from it. The bottom line is, even though we don't remember our password exactly, we can always calculate or restore it.

How can one calculate a hash of a piece of text?
In the terminal or in any programming language.
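
One way to do the calculation in Python, including the "@" and "#" noise described above (an added example, not code from the original post). The `normalize` step, the function names and the sample phrases are assumptions made here: text copied from a web page and from an e-book often differs in whitespace, quote style or Unicode form, and without canonicalizing it first the restored password would not match.

```python
import hashlib
import unicodedata


def normalize(text):
    """Canonicalize a phrase so copies from different sources hash the same.

    Assumption (not from the post): NFC Unicode form, typographic quotes
    folded to ASCII, whitespace runs collapsed to single spaces.
    """
    text = unicodedata.normalize("NFC", text)
    for fancy, plain in (("\u2018", "'"), ("\u2019", "'"),
                         ("\u201c", '"'), ("\u201d", '"')):
        text = text.replace(fancy, plain)
    return " ".join(text.split())


def derive_password(phrases, prefix="@", suffix="#"):
    """Return SHA3-256(prefix + phrases + suffix) as 64 hex characters."""
    material = prefix + " ".join(normalize(p) for p in phrases) + suffix
    return hashlib.sha3_256(material.encode("utf-8")).hexdigest()


def differing_hex_chars(a, b):
    """Count positions at which two equal-length hex digests differ."""
    return sum(x != y for x, y in zip(a, b))


# Constructed sample: the same two phrases as they might appear in two sources.
BOOK_COPY = ["The caf\u00e9's lamp burned all night,",
             "and nobody came to see it."]
WEB_COPY = ["The  cafe\u0301\u2019s lamp\nburned all night, ",  # curly quote, odd spacing
            "\tand nobody came to see it."]

if __name__ == "__main__":
    with_noise = derive_password(BOOK_COPY)
    without_noise = derive_password(BOOK_COPY, prefix="", suffix="")
    print("from book copy :", with_noise)
    print("from web copy  :", derive_password(WEB_COPY))
    print("without noise  :", without_noise)
    print("hex chars changed by the noise:",
          differing_hex_chars(with_noise, without_noise), "of 64")
```

Because the phrase comes from text that anyone can read, the secrecy of the result rests on which phrase and which noise were chosen, not on the hash function.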

Will the password have to be calculated a few times each day manually?
Yes. But that can be automated.

At the moment this idea is rather raw; it should be improved.
