Auto-generated password
Why should I use an auto-generated password? There are many advantages:
- Different password for each account - each online account has its own password. Users tend to reuse one password for several accounts, and that is one of the major causes of security breaches.
- Passwords are not predictable - passwords are generated with no predictable pattern. Users usually develop a pattern for new passwords, and this greatly reduces the number of combinations that a potential attacker needs to try.
- Passwords are strong - passwords use a combination of alphanumeric and special characters. Users like to use words as part of a password, which makes it susceptible to a dictionary attack, another major cause of security breaches.
- Passwords are NOT saved in the database - What? How can that be? How can you use passwords which are not there? This is a special feature of Guarded Key, which you cannot find anywhere else. Passwords are created from building blocks, which allow the application to rebuild each password (see below how this is done).
An auto-generated password is created from the following building blocks:
- Provider - usually the domain, for example wikipedia.org, www.youtube.com, twitter.com.
- Id - used to sign in. Each web site uses a different Id; it can be a full name, alias, email, membership id, etc.
- Variation - used to alter password generation. A single character added or changed here completely changes the resulting password string. More about it later.
- Use !@#$%^&*... - punctuation marks are included with alphanumeric characters to create a strong password. However, some web sites do not allow these characters and only an alphanumeric password can be used. In that case you have to disable punctuation marks, and at the same time it is a good idea to increase the length of the password to keep the same level of safety.
- Length - password length can be set from 1 to 100 characters. The default value is 12.
How does Guarded Key generate strong passwords?
The Database Key and Encryption Key (set up during database initialization) are the starting point of a sophisticated algorithm, which generates strong passwords by use of 4096-bit encryption. The result is a 512-character string, of which only a part is used as the password: the user chooses a password length from 1 to 100 characters.
This prevents absolutely any reverse calculation process. Even if the administrators of your favorite web sites decided, in a great conspiracy, to put together all your passwords, they would be unable to predict the passwords for your other online accounts (like a bank account).
Since every user in this galaxy has different keys, there is no way of predicting the password for any particular account, yet the process is repeatable, which allows a password to be reconstructed from its building blocks.
The big advantage: No passwords are saved in the database! Even if
somebody managed by some miracle to decipher the database and get information about your online accounts,
there are no passwords stored there, and all the effort of breaking into the database is for nothing.
Password reconstruction also brings another property of the Guarded Key application: the building blocks (Provider, Id, Variation, use of special characters, and password Length) can be safely sent across public networks as plain text (unencrypted), and the password can be reconstructed on the other side.
Example:
Provider | wikipedia.org
Id | WikiUser
Variation | dog
Use !@#$%^&*... | Yes
Length | 12
Guarded Key generates Password: RbZa]tACF.et
Options for auto-generated password
To enable an auto-generated password, check the "Automatic password" checkbox.
If the website does not support special characters, uncheck the "Use !@#$%^&*..." checkbox.
As you can see from the following picture, the password has changed and now contains only alphanumeric characters.
When you use only alphanumeric characters, we recommend a password length that is about 10 - 20% longer to keep the same level of safety. For example, if you use 8-character passwords with punctuation marks (3282116715437121 possible combinations), an alphanumeric password should use 9 characters (13537086546263552 possible combinations).
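The idea described above (a password rebuilt from a secret key plus the building blocks, and the 8 versus 9 character comparison) can be sketched as follows. This is an added example, not Guarded Key's algorithm, which this page does not disclose; HMAC-SHA-512, the 25-character punctuation set and all function names are assumptions of the example.

```python
import hashlib
import hmac
import math
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols
# Assumed punctuation set (25 symbols), chosen so the full alphabet has 87
# symbols, the size implied by the page's 8-character count (87**8).
PUNCT = "!@#$%^&*()-_=+[]{}|;:,.<>"
FULL = ALNUM + PUNCT

def encode_fields(*fields):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def derive_password(secret_key, provider, user_id, variation="",
                    punctuation=True, length=12):
    if not 1 <= length <= 100:
        raise ValueError("length must be between 1 and 100")
    alphabet = FULL if punctuation else ALNUM
    # Bytes at or above this limit are discarded, so every symbol is equally
    # likely (no modulo bias).
    limit = 256 - (256 % len(alphabet))
    msg = encode_fields(provider, user_id, variation,
                        "punct" if punctuation else "alnum")
    chars, counter = [], 0
    while len(chars) < length:
        # HMAC in counter mode: a keyed, repeatable byte stream.
        block = hmac.new(secret_key, msg + counter.to_bytes(4, "big"),
                         hashlib.sha512).digest()
        counter += 1
        for b in block:
            if b < limit and len(chars) < length:
                chars.append(alphabet[b % len(alphabet)])
    return "".join(chars)

def alnum_length_for(length_with_punct):
    # Shortest alphanumeric length whose keyspace is at least as large.
    bits = length_with_punct * math.log2(len(FULL))
    return math.ceil(bits / math.log2(len(ALNUM)))
```

In this sketch the building blocks are useless without `secret_key`, which is the only reason they can travel unencrypted; anyone who obtains the key can rebuild every password.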
When you need to change an auto-generated password, change the "Variation" field and click the "Generate Password" button.
In the earlier example we had Variation set to "dog". Let's set Variation to "cat":
Example:
Provider | wikipedia.org
Id | WikiUser
Variation | cat
Use !@#$%^&*... | Yes
Length | 12
Guarded Key generates Password: MRK4tDRFSWT^
Changing only 1 character in Variation generates a completely different password.
Example:
Variation | Password
A | 4A5{xcfmbu1n
B | rBw2h|)iYF^E
C | MZ%Gx!h5szQx
D | PTUD}*a{*c38
E | Do you know what the password is? Hint: the first 4 characters are "KKRb". Can you guess the other 8 characters? I doubt it. You have a better chance of winning the jackpot in a lottery!
If you like, you can also change password length. We recommend using at least 8 characters.
Well done. You can create passwords so strong, that you could get a job at NSA.
Copyright (C) 2011-2016 Robert Janik, Brno, Czech Republic