One-Time Pa(d)sswords

Password Code: Use ONCE! Trash it, don`t reuse it!Remember that time when I talked about how you should never recycle passwords? Yeah, I know, I don’t stop telling you that. And most of you don’t stop recycling passwords either! And no, recycling passwords is not helpful to the fight against climate change. Who told you that? It is, however, very harmful to your privacy!

And I can’t say it often enough that current systems may be enough for now but you must never be complacent because you must never underestimate the laziness and stupidity of people like those at Sony. I know it’s difficult but  it’s all just a matter of habit and one day you’ll be thankful for it. (Or you’d wish you listened to me. Then I can say, ‘I told you so‘.)

Anyway, I found a web application that may just be useful to your laziness. It’s pretty much like the One Time Pad encryption. And lucky you, all you need is just one master password! Okay, so I don’t know what it’s called. But who cares? You get to be lazy and stay secure. Yay! I think it’s called “hash” but I like to refer to it as “The OTP Thing“.

This may just be the solution to password recycling and your key management problems! Try it: the url is 'http://wordpress.com' and the password is 'password' and you'll get the same hash. And for the love of god, don't use 'password' as your own master password!

So how does the otp thing work? It takes a domain name, and a master password and return you a hash. The password is generated on your computer using JavaScript so nothing is sent over the network. You can then use the hash, or part of the hash, as your password. There is also a bookmarklet available which automatically detects password fields and fills them in for you.

The OTP Thing or Hash isn’t 100% bulletproof as there are still other ways you may be attacked like phishing and keyloggers, but at least it’s better than recycling passwords!

Originally published at Princess of Antiquity.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: