Reopen Sesame


The open sesame post describes an approach to password management that is quite effective. However, there are some shortcomings. One, you need software, which means that when you don’t have it, you don’t have your password. While this isn’t a problem for most of us who are always online, it’s hard when I’m traveling in India, where the concept of free wifi isn’t as common. Another problem is security. SuperGenPass, it seems, can expose your root password if executed on malicious sites. LastPass stores all your passwords online (encrypted using a root password of your choice), making the prospect uncomfortable for some.

Here is an alternate solution for strong passwords. Come up with a small, strong password that is easy to remember. Let’s say your root password phrase is ‘camelot’. Now come up with a consistent ciphering algorithm.
For example, replace all A’s with @ or all O’s with zeros, etc. Capitalize every third letter.

Now, your root password becomes something like ‘c@Mel0t’. Next, for each site, either prefix or suffix the site name and apply the same ciphering algorithm.

So, if you visit www.google.com, you end up with a password like ‘g00glEc@Mel0t’.

Use this approach to create more replacements or change the rules so you come up with your own. One thing a lot of people might point out, though, is that someone who has access to one password now knows your root password and hence can guess the passwords to all sites. This isn’t entirely true. A lot depends on your scheme. For example, if I need a yahoo password using the scheme above, it becomes ‘y@H00C@mEl0T’. Since the rule was to capitalize every third letter, the root password differs from the google one. Also, since you come up with the rules, you can make them as complicated as you need. For example, capitalize the 3rd letter, and if the 3rd letter matches your cipher, don’t apply the cipher. Using this rule, your google password becomes ‘g0OglEc@MelOt’ and yahoo becomes ‘y@H00C@mEl0T’. Your google password now starts with ‘g-zero-caps o’ as opposed to ‘g-zero-zero’.
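
The scheme above, written out as a short Python sketch (an added example, not code from the original post; the function names and the `keep_capitalized_letters` flag are assumptions). It reproduces the passwords quoted in the post and also shows that folding case and undoing the two substitutions yields the same root for every site, so the per-site difference is only in capitalization.

```python
# Added illustration; all names here are assumptions, not from the post.
SUBS = {"a": "@", "o": "0"}   # the post's substitutions: A -> @, O -> zero


def derive(site, root, keep_capitalized_letters=False):
    """Apply the post's cipher to site name + root phrase.

    keep_capitalized_letters=False: substitute everywhere, then capitalize
    every third character (digits and symbols have no upper case).
    keep_capitalized_letters=True: the post's refinement, where a letter at
    every third position is capitalized instead of substituted.
    """
    out = []
    for pos, ch in enumerate((site + root).lower(), start=1):
        third = pos % 3 == 0
        if third and keep_capitalized_letters:
            out.append(ch.upper())
        else:
            sub = SUBS.get(ch, ch)
            out.append(sub.upper() if third else sub)
    return "".join(out)


def root_as_stored(site, password):
    """Portion of the password that follows the site-name prefix."""
    return password[len(site):]


def normalize(password):
    """Fold case and undo the substitutions (what remains once the
    rules themselves are known or guessed)."""
    inverse = {v: k for k, v in SUBS.items()}
    return "".join(inverse.get(c, c) for c in password.lower())


if __name__ == "__main__":
    for site in ("google", "yahoo"):
        for refined in (False, True):
            pw = derive(site, "camelot", refined)
            print(site, refined, pw, root_as_stored(site, pw), normalize(pw))
```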

Let’s hear your innovative approaches to password management sans software.


  1. #1 by pijbipjgvpeekv on December 20, 2009 - 11:38 am

    dude how do u have time for all this…….

  2. #2 by Avinash Shetty on December 20, 2009 - 12:08 pm

    why are you reading my blog? haha.

  3. #3 by wackoid on December 27, 2009 - 10:35 pm

    shouldn’t the Yahoo pwd using the above scheme be “yaH00…” since we are using zeros for O’s? ;-)

  4. #4 by Avinash Shetty on December 28, 2009 - 10:13 am

    wackoid :

    shouldn’t the Yahoo pwd using the above scheme be “yaH00…” since we are using zeros for O’s? ;-)

    Yep. Updated the post

  5. #5 by wackoid on December 29, 2009 - 5:48 am

    and Anisha’s gorgeous .. evidently she’s gone on the mother ;)

    • #6 by Avinash Shetty on December 29, 2009 - 11:23 am

      no doubt. Though I think Rahul is better looking.
