Tuesday, 28 August 2012

Introducing Secure Passwords

Learn how to create unique and strong passwords for your online accounts using the secure bcrypt algorithm. And you don’t have to store passwords anywhere.
You want to create lengthy, complicated and unique passwords for every website that you use but that rarely happens in practice because complex passwords are impossible for anyone to remember.
Some people rely on password management software like LastPass or KeePass that store all your passwords in an encrypted database which is then protected by a single master password. You enter the master password and you instantly have access to all your stored user logins and passwords.
Unique Passwords
Set unique passwords for all your web accounts but remember just one pass phrase

A Unique Password for Every Website

Here’s an alternate solution that I initially created for internal use. The tool is called Secure Passwords and it generate unique and strong passwords  for your various web accounts using using the secure bcrypt algorithm.
The advantages are that your passwords aren’t stored anywhere, the passwords are hashed using bcrypt (irreversible) and all you have to do is remember is one master pass phrase.  The password generator works on both desktop and mobile screens. You can also download the tool from Github as a ZIP file and run it offline on a USB drive or upload it to Dropbox.
To get started, enter your user name (or login id), the site’s domain name (e.g. google or facebook), your master password and hit the generate button. The tool will instantly create a unique password based on your input and it will always generate the same password for that set of parameters.

How Secure are my Passwords?

The passwords are impossible to guess as they are made of digits, special characters and letters in mixed-case. The passwords are generated using bcrypt which is still resistant to brute-force attacks and therefore it will be impossible for anyone to decrypt the master pass phrase should any of password ever gets leaked online.
Also, the tool computes passwords in your web browser itself and not a single byte of data is transmitted elsewhere. You can browse the full source code at Github.com and, if you know a bit of programming, modify the code even further to suit your requirements

No comments:

Post a Comment