Are you required to change the password for your most frequently visited website once every two weeks? Do you end up changing it from T1mesSqu@re (your favorite password) to T2mesSqu@re to T3mesSqu@re and so on, and by the end of the 8th week you are frustrated because you don’t remember which website is on which number?
How about a system that works something like SecurID’s two-factor authentication (http://en.wikipedia.org/wiki/SecurID), where one part of the authentication is what the user chooses and remembers and the other part keeps changing?
Let me explain with an example.
I am creating an account on http://www.blabla.com. I will be required to choose a password, “T_ _mesSqu@re”. I will also choose a method that defines what the two blanks will be. Options for a method can be:
- Sum of the digits of DDMMYY, giving up to 2 digits (the date can be the current date, an anniversary date, a birth date etc.)
- Multiplying the date and month and adding the digits to get a 2-digit number
- ... anything really that is changing (sum of the digits of the current population of India? 😉)
So if I am logging onto blabla.com today (02/08/13), my password (with the DDMMYY sum method) will be T14mesSqu@re (the sum is 14). While setting the password we could also have set it like T_mesSqu_@re, in which case the password now will be T1mesSqu4@re.
So now we have a password where, even if the part to be remembered is compromised, the digits calculated with the method will make sure the total password is still safe (safer?).
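The DDMMYY digit-sum method above, as an added example that is not code from the original post: it fills both blank layouts for 02/08/13 and counts how many different values the changing part takes over a year, which is what the "safer?" question turns on. The function names are made up for this sketch, and the two blanks are written as `_` characters.

```python
from datetime import date, timedelta


def ddmmyy_digit_sum(d: date) -> int:
    """Sum of the six digits of the date written as DDMMYY."""
    return sum(int(ch) for ch in d.strftime("%d%m%y"))


def fill_template(template: str, d: date) -> str:
    """Replace the two '_' blanks with the digits of the zero-padded sum.

    Handles adjacent blanks ("T__mesSqu@re") and split blanks
    ("T_mesSqu_@re"); the first blank gets the tens digit.
    """
    digits = f"{ddmmyy_digit_sum(d):02d}"  # largest possible sum is 38
    if template.count("_") != len(digits):
        raise ValueError("template must contain exactly two blanks")
    remaining = iter(digits)
    return "".join(next(remaining) if ch == "_" else ch for ch in template)


def distinct_fills(year: int) -> set:
    """Every value the changing part takes during one calendar year."""
    seen = set()
    d = date(year, 1, 1)
    while d.year == year:
        seen.add(ddmmyy_digit_sum(d))
        d += timedelta(days=1)
    return seen


if __name__ == "__main__":
    login_day = date(2013, 8, 2)  # the post's 02/08/13
    print(fill_template("T__mesSqu@re", login_day))
    print(fill_template("T_mesSqu_@re", login_day))
    fills = distinct_fills(2013)
    print(f"{len(fills)} distinct values, from {min(fills)} to {max(fills)}")
```

Because the date is public and many dates share the same digit sum, the changing part contributes far fewer possibilities than two free digits would.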
I will be happy to get some feedback on this, or to hear if you have seen anything similar.