more on passwords

Oct 18, 2008 15:36

iGoogle has a nice gadget that is a password generator. One master password plus a task-specific seed spits out a cryptographically decent password of numbers and characters (the common denominator across most websites).

The idea is that you only have to remember ONE master password, and that the seed is somehow connected to the task at hand, e.g. the URL of the website for which the password is needed. Since the algorithm is deterministic, nothing needs to be stored and the same password will be generated every time that the algorithm is run.

So far so good. The main problem so far has been that the URLs are really not that stable either. For example, most basic URLs redirect to a specific URL in the company's cloud, so simple cut & paste of the URL is out of the question. (Plus, who uses URLs anyway--we all Google, right?) Furthermore, even the base URLs, i.e. http://www.company-name.com, are surprisingly unstable. I have run into at least one case where the merger and acquisition game of the modern business cycle eliminated the original name. And the continuous reinvention of modern companies--bye-bye Philip Morris, hello Altria--isn't helping either.

I have also experimented with using different seeds (the password generator programs themselves do not care), but then I have to remember what the seed was, and especially how I spelled it, and we all know what difficulties I have with that!

Which leads me to conclude that I should just switch to bio-identification altogether.
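
A sketch of the master-password-plus-seed scheme described above, added here as an example; it is not the iGoogle gadget's algorithm, which this post does not specify. It derives the password with PBKDF2-HMAC-SHA256 and canonicalizes the seed so that different pastes of the same site's URL give the same result. The function names, iteration count, and hostnames are assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# Digits and letters only: the "common denominator" most sites accept.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ITERATIONS = 200_000  # assumed work factor; slows guessing of the master password


def normalize_seed(site: str) -> str:
    """Reduce a pasted URL or bare hostname to a lowercase host without 'www.'."""
    site = site.strip()
    if "://" not in site and not site.startswith("//"):
        site = "//" + site  # make urlsplit treat a bare host as the network location
    host = (urlsplit(site).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        raise ValueError("seed contains no hostname")
    # Note: this does not collapse subdomains to a registrable domain;
    # that would need the Public Suffix List.
    return host


def site_password(master: str, site: str, length: int = 16) -> str:
    """Deterministically derive a site password; nothing is stored anywhere."""
    seed = normalize_seed(site)
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), seed.encode("utf-8"), ITERATIONS, dklen=32
    )
    # Base-62 encode the 256-bit output; taking 16 digits (~95 bits) from it
    # leaves a negligible bias.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for pasted in ("http://www.company-name.com/login?next=%2F",
                   "Company-Name.com",
                   "https://new-name.example/"):  # constructed post-rename host
        print(f"{pasted:45} -> {site_password(master, pasted)}")
```

A rename or a redirect to a different host still changes the seed, and therefore the password, which is the instability described above.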

security, software, algorithms
