by Xavi Esteve
on February 25, 2012
(1 minute read)
Here’s a very cool technique to remember unique passwords for each website or service that you access while keeping them super secure. So no need to worry about either having to remember 10 different passwords or using the same password for all the online accounts you have.
The way it works is pretty straight forward, every time you refresh the page The Human Password Generator it generates a short list of steps you need to remember that will generate very secure passwords on every different website… sounds good? Check it yourself in one click:
Click the Refresh button until you find nice looking passwords and print the page to keep it very safe. It is just a piece of paper so you can hide it very well nearly anywhere. I would also recommend to change all your passwords once every 6 months (imagine you kept your password combination in a book and one your day your sister accidentally sold it).
You can also just keep the URL that’s at the bottom of the website, it stores the exact combination that you have.
One comment
Najla AlOjaily says:
Dear Xavi Esteve,
First of all, I would like to let you know that in my humble opinion the generator you propose and implement in your web is pretty awesome. It produces seemingly secure passwords that are easy to remember by the users. Possibly because of that, my M.Sc. supervisor Dr. Julio Hernandez has chosen your generator as one that deserves further study in the project proposal list, so I gladly took the project. I am currently studying for a M.Sc. in Information Security and Biometrics at the University of Kent, UK.
The very aim of this project is to try and measure the entropy of the generator, as an indirect way of measuring its security. I intend to develop some code to automatically connect to your generator’s web page and retrieve as many passwords as possible. It is worth to stress that no DoS is intended, but I’ll be running the code for long periods of time. Hoping that it does not create any problems on your side.
Once I have enough passwords I’ll start the analysis phase, and finally come to an end with some conclusions or perhaps some solutions if any security issues where found. Before publishing anything, me and my supervisor will let you know any results, observations, and/or solutions that we have found while studying your generator.
Please let me know if you are happy with me proceeding to study your generator, and please do let me know if there is any additional information that can help in my work. Source code, pseudocode, or any insights will be particularly appreciated.
Kind regards.
Najla Alojaily
my email:
[email protected]
supervisor’s name: Dr. Julio Hernandez-Castro
supervisor’s email:
[email protected]