h a l f b a k e r yTrying to contain nuts.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Scribble Password
Easier, kind of fun and not crackable before the Sun collapses into a white dwarf. | |
When creating an online account and login, a blank screen pops up with a curser shaped like a pencil with a timer icon in the corner. You scribble random shapes for ten seconds or so and the timer dings. That's your password replacement scribble.
You can extend it for as long as you want but ten
seconds of random scribbling isn't going to be cracked by any computer system ever. The numbers you're putting into this scribble include not only the X Y coordinates of the points of your scribble, but the timeline of the input of those points as well. You're encouraged to vary the speed of your scribble.
Now the drawback is that you're not going to be able to remember it without saving it digitally but so what? Nobody does that now anyway. It's stored in your browser and if you want, you can download it onto your computer.
Now why not just hit a bunch of random keys? This is faster, less complicated and might even be kind of fun. No need to check if you've got the mandatory upper case, lower case, symbols and numbers. Just frantically (or slowly) scribble for ten seconds.
Could do it for your user name as well but the password being un-crackable would probably be enough. Plus user names are a part of social websites. Can't exactly have an obsessed, life consuming flame war with a bunch of squiggles.
(?) TrueCrypt uses a mouse scribble
They really do! https://security.stackexchange.com/questions/32844/for-how-much-time-should-i-randomly-move-the-mouse-for-generating-encryption-key [not_only_but_also, Dec 11 2023]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
|
//you're not going to be able to remember it without saving it digitally but so what? Nobody does that now anyway. It's stored in your browser// |
|
|
So the only function of the scribble is to generate a long string of random-looking characters to paste into the password field? |
|
|
So the instant low-tech way to implement this is to take a post-it note or back of an envelope, scribble furiously, say "ding", and press the "generate password" button already built in to your browser. |
|
|
LOL, okay, that's the best criticism of an idea I've ever heard. |
|
|
So I'll sayyyyy... this is more fun, lets you control the creation of the key... and... ooh! |
|
|
You know somebody didn't hack your computer and put in a program to create passwords for you that goes to their database. (But if they've hacked your computer they could get your scribble) |
|
|
Okay, I'll stick with the "this is more fun" thing. |
|
|
"it's fun to have fun but you have to know how" |
|
|
//Can't exactly have an obsessed, life consuming flame war with a bunch of squiggles.// |
|
|
This may come as a surprise to those who have already commented, but... Baked! TrueCrypt uses your mouse-scribble to increase the entropy on a random seed. See link. |
|
|
Got the link / title mixed up I think. |
|
| |