Safer Password For Web, Email And Desktop/Mobile AppsThe SaferPassword utility is for any person who needs to keep his/her passwords secure, easy to remember and hard to break. Read about the advantages below.
Read more about Safer Password
Safer Password - full explanationWe at Bizpages designed a system that is simple, safe and combines the advantages of all other solutions. You can write your weak passwords on paper and still be protected from prying eyes and attacks. Also, you can use the convenience and mighty cryptographic protection of online password managers to store your passwords. This utility just adds another layer of security and convenience.
STEP 1. Create a Master Password
Your master password is a word or phrase that should be long enough (min. 6 characters) and that you will NEVER forget. For better strength, it can be case-alternate or contain numbers or punctuation marks. An example: WhiteFish12.
This password is TOP SECRET, it should not be kept on paper or in a computer/phone. Only in your memory!
STEP 2. Create and write down/save an Open Password
It should be easy to remember and write, minimum 4 characters, and does not have to be complicated at all. It can be "password", "123456" etc. Its complexity is not so important, but it must be convenient to write and type. It can be made public or seen by anybody as your open password.
STEP 3. Generate your Working Password
This is the password that you will actually enter into the login form of your online service, email account, etc. You don't need to write it down or try to memorize. Nobody really needs to see it, in fact, even you don't need to see it yourself! Just paste (Ctrl+V on Windows or Command-V on Apple) it into the password field of your login form.
The whole point is that the Working Password can be recreated at any time by using your Master Password and Open Password on this page or any other online service where SHA1 Hash, HEX to ASCII conversion and Base64 encoding transformations can be implemented.
STEP 4. Next time when you need the password...
Just come back to this webpage and enter two passwords: Master Password from your memory and Open Password from your yellow sticker or Excel file where you keep passwords. Then press GENERATE SAFER PASSWORD. The Working Password will be then automatically recreated and copied into the Clipboard.
STEP 5. What if this webpage is not working?
Below you can find two Protocols TO RESTORE your Working Password even without using this webpage.
Password Restoration Protocol 2. Alphabet AND non-alphabet symbols in password requested by user
More thoughts on secure password creation, storage and restorationKeeping a password safe, confidential and restorable is a tremendous challenge. A great number of Internet services, email accounts, social media profiles, online banks, mobile applications etc. all require that the owner should store a safe password and enter it upon request. Losing or compromising a password in front of an attacker can be catastrophic to a person, business or even government.
Safe/strong or unsafe/weak passwordsA password is usually considered as unsafe or weak when:
A safe or strong password is usually long, at least 8 symbols, not a dictionary word, has alternate capitalization like "PasSwOrd", and contains numbers and punctuation/non-alphabet symbols like "Pas_sW0Rd".
It is obvious, that a stronger password is harder to remember. The problem is, therefore, more SECURITY means less CONVENIENCE and vice versa.
How to keep your password lists: working methodsThere are several methods how to deal with the password problem.
Method 1. Writing passwords by hand on a piece of paperAdvantages:
It is an old-school technique. Such a password is hard to be stolen via an online attack, unless there is a key-logging software running on your computer and stealing info as you are typing.
Method 2. Keeping list of passwords in your computer or phoneThis option includes keeping the passwords list in a protected/encrypted storage locally on your computer, or a password-protected file.
Method 3. Using online password servicesThis is a modern and very popular solution where all your passwords are kept on a secure server and login credentials are automatically entered into the login form of the online service or website you are visiting. Such a password storage would usually be provided by a world-known service, for example, 1Password, LastPass, etc.
The cloud password services ensure the highest level of security as they are using state-of-the-art algorithms to create and store hashes and keys to protect the user's password and other important data.
In terms of cryptographic security, the cloud services are extremely safe. But they have a number of features that can be problematic for a user.
Issue No.1 what happens if the master password to the cloud password service is lost? The restoration procedure is quite complicated and it is not 100% guaranteed. In case the master password is lost and cannot be restored, the user is going to lose the whole list of logins/passwords forever!
Issue No.2: The Master Password to access the online service still needs to be strong and kept in a secure location beyond the online password manager itself. It can be written on paper or in an password-protected file. Both options lead to issues described above in Methods 1 and 2.
Issue No.3: the convenience of such services has a downside: very often they automatically suggest that you update login info for an existing website even if you need no new password. This may cause accidental deletion of your password even without your knowledge, so that next time you will fail to login without a way to restore your password.
Issue No.4: once you are logged in the system, anyone can use your computer to see your login/password, modify or even delete them. You either need to log out every time, or protect your computer/phone from unauthorized access through additional measures.
This problem can be dealt with by setting a paranoid auto-logoff after a certain period of activity. Here, however, the user again faces the problem of CONVENIENCE AGAINST SECURITY. With a strong password to access your online password manager, it needs to be typed in every time the user re-logins after an auto-logoff.
Issue No.5: Your sensitive data are kept on a remote server that you cannot control. You have to trust the password storage company saying that they comply with the Zero Knowledge policy, that is, that your data is encrypted and nobody at the company would have access to it. You never see these people in person, you don't know them and you have to take for granted that they are reliable.