Please consider giving the user alternatives to the
master password (i.e. the password you need to open the
It's a known fact that people simply select passwords
that are too easy because they can't remember complex ones, or
write the password on a note attached to their monitor.
According to some studies, this is the number one
security problem in many sectors.
It would be so easy to avoid this problem by allowing
users to use something else for validation than a
* Create e.g. a 5x5 image grid of small symbols or
simple images. The user can then define the master password
by clicking the images. I'm a programmer myself and I
know you will need some string which you use to decrypt
the password file. Generating a password string from
this method is easy, just hash (sha1 or md5) the
pattern ("1. image clicked: 6, 2. image clicked: 4...")
and you'll have a rather good string password to use.
If you want to do this the advanced way, then you could
also measure the time. E.g. "1. image clicked: 3, user
waited for 3 seconds, 2. image clicked: 7, 3. image
clicked: 4". Hash that string and use it as the
password. Of course, the time measured must be rounded
to e.g. the nearest second or two.
* Allow the user to draw the password. This idea is easy to
understand if you use the latest Firefox with the mouse
gestures. The user could press down the mouse key and
move the mouse to create simple images (mainly lines
and simple shapes). Of course, the user can't draw the same
picture every time; this problem can be easily solved
with some rounding functions, just like the mouse gestures.
* Allow the user to use a file as a password. This is not
the best solution but in my opinion anything is better
than the master password concept. The idea is that you
could select a file (e.g. from a DVD disk, CD or
USB-drive), then the program would calculate its
checksum (sha1 or md5) and use that as the password.
The first two methods are used e.g. in handheld devices
and my bet is that they are coming to smart phones in the
very near future.
Feel free to contact me if you want to discuss more:
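
Added example, not part of the original post or of the project's code: it encodes a click sequence on the 5x5 grid, computes the upper bound on the pattern's entropy, and derives a key with salted PBKDF2 beside the single unsalted hash described in the post. The function names, the byte encoding and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import math
import os

GRID_CELLS = 25  # the 5x5 grid from the post


def encode_pattern(clicks, grid_cells=GRID_CELLS):
    """Canonical byte encoding of a click sequence (cell indices 0..24)."""
    if not clicks:
        raise ValueError("empty pattern")
    for cell in clicks:
        if not 0 <= cell < grid_cells:
            raise ValueError(f"cell {cell} is outside the grid")
    return bytes(clicks)


def pattern_entropy_bits(n_clicks, grid_cells=GRID_CELLS):
    """Upper bound in bits, assuming every click is chosen uniformly at random."""
    return n_clicks * math.log2(grid_cells)


def bare_sha1(clicks):
    """The single unsalted hash of the pattern, for comparison."""
    return hashlib.sha1(encode_pattern(clicks)).hexdigest()


def derive_key(clicks, salt, iterations=600_000):
    """Salted, iterated derivation: each guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac(
        "sha256", encode_pattern(clicks), salt, iterations, dklen=32
    )


if __name__ == "__main__":
    pattern = [6, 4, 11, 0, 24, 7]  # constructed sample pattern
    salt = os.urandom(16)           # stored next to the encrypted file
    for n in (4, 6, 8, 12):
        print(f"{n:2d} clicks: at most {pattern_entropy_bits(n):5.1f} bits "
              f"({GRID_CELLS ** n:,} patterns)")
    # Same pattern always gives the same bare hash, so one precomputed
    # table of all short patterns works against every user's file.
    print("bare SHA-1 :", bare_sha1(pattern))
    # The salted key differs per file even when two users pick the same pattern.
    print("PBKDF2 key :", derive_key(pattern, salt).hex())
```
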