
Monday, September 28, 2009

Managing Passwords on the Internet

I cannot believe that there is no better way to manage your accounts on the various web sites than passwords. No one can remember them. I've been bitten by malware, such that storing these passwords in Internet Explorer seems dangerous, and many sites rightfully prevent it anyway. Some security experts recommend choosing variations of passwords (admittedly before the web explosion), but this is clearly a trade-off between randomness and memorizability. If you can remember it, it is probably not random enough. So I've been developing an idea that I claim combines memorizability and randomness.

First choose an area that matters to you. It can be cars, music or, as in my case, movies. Then search for a web database that stores information about that area; in my case imdb.com.

Now for each web site where you have an account, find the topic in the area which you most associate with the web site. This association should be emotional and intuitive. It is well known that associative passwords are easier to remember. An example: for my bank's web site, I choose a movie about money: Boilerroom.

Then go to the web database and look up a specific property of the associated item, e.g., the main actor. In the example this is Giovanni Ribisi.

Choose three rules for modifying the looked-up property. These rules must be the same for each password, so that you can remember them. They are used to prevent dictionary attacks, e.g., move the first three characters to the end, replace a-e with 1-5 and write r, s or t in uppercase. The resulting password is v1nniRi2iSigio.

I've been able to recall passwords I haven't used for over a year, and all of my passwords have been rated green by password checkers, but that's of course only one sample.
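The three example rules, carried through in code as an added example that is not part of the original post. Lowercasing the property and dropping the space before the rules are applied are assumptions inferred from the post's result, and all function names are hypothetical.

```python
import string

# Rule 2 from the post: replace a-e with 1-5.
DIGIT_MAP = str.maketrans("abcde", "12345")
# Rule 3 from the post: write r, s or t in uppercase.
UPPER_MAP = str.maketrans("rst", "RST")


def normalize(prop):
    """Assumed preprocessing: lowercase and keep ASCII letters only."""
    return "".join(ch for ch in prop.lower() if ch in string.ascii_lowercase)


def rotate_left(text, count=3):
    """Rule 1 from the post: move the first `count` characters to the end."""
    if len(text) <= count:
        return text  # too short to rotate; leave unchanged
    return text[count:] + text[:count]


def derive_password(prop):
    """Apply the same three rules, in the same order, to any looked-up property."""
    base = normalize(prop)
    if not base:
        raise ValueError("property contains no ASCII letters")
    return rotate_left(base).translate(DIGIT_MAP).translate(UPPER_MAP)


def character_classes(password):
    """Report which character classes a derived password contains."""
    classes = set()
    for ch in password:
        if ch.isdigit():
            classes.add("digit")
        elif ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
    return classes


if __name__ == "__main__":
    derived = derive_password("Giovanni Ribisi")  # the post's example property
    print(derived, sorted(character_classes(derived)))
```

The rules are deterministic, so the derived password is only as unpredictable as the choice of topic, property and rules, which is why the rules are kept private.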

P.S. Don't think I've just told you my online banking password.

Posted by Florian Kerschbaum at 12:38 AM CEST
Categories: Security

Sunday, September 27, 2009

Reasons for writing a blog

I've been looking for a good reason to write a blog for some time, since most blogs are a pure waste of time for the author and the reader. So I am trying to combine the benefits for the reader (if there are any) with mine. In this blog I will publish ideas I've been pondering for some time, but never got to really follow up. The reason has been mostly time. I simply had different priorities. Nevertheless, I like the ideas and consider them interesting, novel or useful. I choose to publish them this way, which seems to have the least cost to me. Nevertheless, I hope publishing them will free my mind for future ideas, which would be my benefit. I believe most of them could be made into reasonable scientific publications given someone spends sufficient time evaluating them. In some sense this blog itself is the first such idea.

Posted by Florian Kerschbaum at 11:16 PM CEST
Categories: