Mar 24, 2006
P30%_gha! or p0%3ghA!?
If you’ve ever resorted to scribbling your assigned computer password on a Post-It and sticking it to the side of your monitor because it was too cryptic to remember, then research at the Fraunhofer Institute for Secure Information Technology in Germany could be just what you’ve been waiting for.
The scientists there have developed a new program – PasswordSitter. “Using it, you only need to remember a single password. The program provides all the other passwords on any device, whenever you need them”, explains team leader Markus Schneider. “A special procedure based on state-of-the-art encryption technology provides the necessary security.”
Despite new security mechanisms, requesting a password is the most common method of checking a user’s identity. Most of us have so many passwords for websites, databases, email, etc., that remembering which one goes with what is a major headache. The problem is doubled by company IT managers who often force users (quite sensibly) not only to choose non-obvious passwords with mixed alphanumerics and even punctuation marks but also to change them on a regular basis.
According to the annual Safenet survey, half of all professional computer users write down their passwords, and around a third even divulge their passwords to colleagues. It almost defeats the object of having a password in the first place. A lot of people go for weak passwords, such as the name of a spouse, or don’t think twice about using the same password for everything. “These kinds of practices harbour potential security risks”, says Schneider. “On the other hand, it’s virtually impossible for you to follow the security advice from the experts without any help.”
PasswordSitter bolsters security because it generates strong passwords, while the level of security can be set to allow different password guidelines to be followed and passwords can be changed quickly and easily.
But, you may be wondering, why not opt for one of those neat USB fingerprint reader gadgets? Well, they’re fine if you’re at your own PC, but what happens if you’re working at someone else’s workstation or in a cybercafe?
PasswordSitter provides users with access to their passwords from any device at any time they need them.
So, how does it work? Well, it seems that Fraunhofer aren’t so keen to reveal details, although Schneider told Sciencebase that, “PasswordSitter is available as a signed Java applet. If you are in a cybercafe in Peru, then you can download PasswordSitter, type in your Master Password and PasswordSitter generates your ebay password for you every time you need it. Note that your ebay password is not stored in the PasswordSitter system.”
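Fraunhofer's actual procedure is not disclosed here, so the following is an added illustration only, not PasswordSitter's code: one generic way to regenerate a per-service password from a master password on demand, under a configurable policy, without storing it. The function names, the PBKDF2/HMAC construction, the policy classes and the sample inputs are all assumptions made for this example.

```python
import hashlib
import hmac
import string

# Constructed default policy: every class below must appear at least once.
DEFAULT_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                   string.digits, "!%_#$?")

def _stream(seed: bytes):
    """Endless deterministic byte stream: HMAC-SHA256 in counter mode."""
    block = 0
    while True:
        yield from hmac.new(seed, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1

def _pick(stream, n: int) -> int:
    """Uniform index in range(n), n <= 256, by rejection sampling (no modulo bias)."""
    limit = 256 - (256 % n)
    while True:
        b = next(stream)
        if b < limit:
            return b % n

def derive_password(master: str, service: str, account: str,
                    length: int = 12, counter: int = 1,
                    classes=DEFAULT_CLASSES, iterations: int = 200_000) -> str:
    """Recompute the same password from the same inputs; nothing is stored."""
    if length < len(classes):
        raise ValueError("length too short for the policy")
    # The salt binds the result to one service/account; bump counter to rotate.
    salt = f"{service}\x00{account}\x00{counter}".encode()
    seed = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    stream = _stream(seed)
    alphabet = "".join(classes)
    chars = [c[_pick(stream, len(c))] for c in classes]  # one from each class
    chars += [alphabet[_pick(stream, len(alphabet))]
              for _ in range(length - len(chars))]
    for i in range(len(chars) - 1, 0, -1):  # deterministic Fisher-Yates shuffle
        j = _pick(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_password("correct horse battery staple", "shop.example", "alice"))
```

In a scheme like this the master password is the only secret: anyone who learns it, together with the service name, account and counter, can recompute every derived password.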