Hiding passwords in plain sight

Sat 18 Aug 07 19:09 | Tags: Internet

You have to use passwords to access a lot of handy stuff on the internet. From vital, important things like online banking to fun, relatively trivial things like forums about cartoons, you're going to be asked to use a password to identify yourself. If you have a large enough presence on the internet, there's going to be a whole lot of passwords you're going to be asked to remember.

And, of course, you do just as the security experts advise, and use passwords that are combinations of letters and numbers, are of sufficient length, and are difficult to guess, right? And you never, ever write down all your passwords in one place; like, say, a text file on your computer, right? Right. Uh, me too.

Of course, we never would. But if we did…

But let's say for a moment that you were to create a file with your passwords in it on your computer. You know, just hypothetically speaking. This would be a really insecure and dumb thing to do, but is there a way to do it which would still make it difficult for someone with hostile intent to use your passwords if they came across that file? Sure, there are encryption tools and such to make files difficult for unauthorized people to access, but I've devised a little way to do this which I think works pretty well, but is much simpler to use. You know, if I were to ever do something like this, which I never would.

The key is that you don't need to put the entire password in the file; just enough to remind you of the password the next time you go to access it. And that reminder could look like gibberish to someone else. Let's say you had a goldfish named Oscar when you were a kid. A good password to make from this, then, would be 0scar79, 79 being the atomic number for gold. (Note that we're also using a zero instead of an oh for Oscar's name.) So how could that be obfuscated in a way that would remind you of that password when you needed it, but look like nonsense to someone else? Well, it would be up to you, but I would probably do something like 0****(##atomic). Looking at that, I would think, "Hmm, begins with a zero, so it should probably really be an oh… has four letters after that… and it has an atomic number at the end, like an element or something… Oh! Oscar the goldfish!"

Okay, so it's a little silly. And I'm probably not the first to have this idea. But it works. I could theoretically keep my obfuscated passwords in a sidenote file, ready to pop up for easy access whenever I need to log in to Digg or something and can't recall my password. I just make some little rules for mapping the password characters to obfuscated ones; for example, a dash could signify repeated characters, and a percent sign could signify an intentional misspelling. Given those rules, here are some other sample obfuscations:

b4nana = *4**--
sanndb0cks = *a*-**0%%%
sod4caaanz8 = s**4**--*%(#young)
…(since 8 is Steve Young's jersey number)
green3141tea = ***-*(####apple)*e*
…(since 3141 are the first four digits of (apple) pi)

…And so on. Of course, you don't have to follow these rules; feel free to make up your own (in fact, this scheme will be more secure for everyone if you do). The key is that you merely reveal enough of your password to remind you of it, but not enough that others would be able to easily guess your password from what you've revealed.

You know. If you were going to actually do something like this. Which you shouldn't.
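To gauge how much guessing work a hint in this scheme still leaves, the sketch below counts the passwords that fit it. It is an added example, not the author's code; the names `candidates` and `report`, the 26-letter and 10-digit alphabets, and the reading of a dash as "repeats one earlier position" are assumptions.

```python
import math
import re

# Assumed model of the post's rules (alphabet sizes are assumptions):
#   '*' hidden letter, '%' hidden letter of a deliberate misspelling -> 26 each
#   '#' hidden digit inside a "(##clue)" group                       -> 10 each
#   '-' repeat of an earlier character -> one choice per earlier position
#   anything else is a revealed character                            -> 1
LETTERS, DIGITS = 26, 10
TOKEN = re.compile(r"\((#+)([^)]*)\)|(.)", re.S)


def candidates(hint, clue_solved=False):
    """Return (length, count): the password length the hint reveals and how
    many passwords fit it. clue_solved=True assumes the reader has worked
    out the clue word, so the digits in that group are known."""
    length, count = 0, 1
    for m in TOKEN.finditer(hint):
        hashes, _clue, ch = m.groups()
        if hashes is not None:                 # "(##atomic)" style group
            if not clue_solved:
                count *= DIGITS ** len(hashes)
            length += len(hashes)
            continue
        if ch in "*%":
            count *= LETTERS
        elif ch == "-":
            count *= max(length, 1)            # which earlier position repeats
        length += 1
    return length, count


def report(hint):
    """Bits of guessing work left by a hint, next to a fully hidden
    password of the same length over lowercase letters and digits."""
    length, count = candidates(hint)
    _, solved = candidates(hint, clue_solved=True)
    return {
        "length": length,
        "hidden_bits": round(length * math.log2(LETTERS + DIGITS), 1),
        "hint_bits": round(math.log2(count), 1),
        "clue_solved_bits": round(math.log2(solved), 1),
    }


if __name__ == "__main__":
    for h in ["0****(##atomic)", "*4**--", "***-*(####apple)*e*"]:
        print(h, report(h))
```

The counts are upper bounds, since they treat every hidden letter as random; a pet's name or a dictionary word narrows the field far more than the figures suggest.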
