A login with protection from keyloggers

Protection from simple keyloggers and easy-to-remember passwords: encode your input!

I frequently use other computers to check my mail (circa 2005), but I'm afraid there could be keyloggers running. Also, I do not want to frequently change my password. So, I have an idea.

On the login page: an option to enter your password using arbitrary one-time combinations.

For example, every time I opened a login page, a random list of key-combination equivalents for the alphanumeric characters would be generated:

a: f5     i: i     q: gr     y: iu    6: ro
b: 48av   j: 8i    r: u      z: ai    7: ta
c: 4      k: 0g    s: 111    0: dd    8: aa
d: 05     l: d4    t: 9h     1: zh    9: f
e: gq1    m: 0     u: mw     2: hi
f: yu     n: ri    v: x      3: ow
g: an     o: so    w: 74i    4: ne
h: 3      p: 00    x: m      5: uh

If your password were something like "f4hou5e5", you'd type "yune3somwuhgq1uh", so no one would log your real password, and every time the "password" would be different.

What's more, this actually makes it possible to have easy-to-remember passwords made of simple words, e.g., "elephant", "congruence", ...

To make sure it is impossible to guess the password by collecting information from multiple logins, several random symbol combinations could be generated for each alphanumeric character. E.g.,

a: f5,uz1,eu
b: 48av,ki,1
c: 4,yhi,z6
d: 05,hhi,i
e: gq1,nt,05
. . .

So, if your password was "elephant", you'd enter "gq1d4nt003f5ri9h" instead of "gq1d4gq1003f5ri9h". For the first "e" you use the first symbolic equivalent, "gq1", and for the second "e" you use another one, "nt". So there wouldn't be any logical pattern, any connections with anything. Your entry could only suggest the average number of symbols in your real password, but it's your problem if you create a very short password.

One more point. As you see, the combinations sometimes become quite long. I think that against simple keyloggers, simply randomly jumbled letters would be enough, e.g.,

a: d       i: i    q: x    y: c    6: e
b: f       j: m    r: v    z: 9    7: y
c: u       k: a    s: o    0: p    8: 8
d: n       l: 4    t: 7    1: z    9: k
e: 1,5,3   m: 0    u: j    2: g
f: s       n: r    v: 6    3: l
g: 5       o: w    w: 2    4: e
h: 3       p: b    x: t    5: a

"elephant" would be "145b3dr7" with the same number of symbols.

So, that's the protection from simple keyloggers.

Securing the display of the tables of symbolic equivalents would be another problem. The idea is that every time you open a webmail login page or a bank's login page, you see a new table of equivalents, and you use them to encode your input.

Mindey,
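
The multi-equivalent scheme from the post above, as an added server-side sketch (not code from the original post): a fresh table per login page, several equivalents per character, and a table that is discarded after one attempt. The sample tables in the post reuse some codes (for instance "05" stands for both d and e), so this version assumes fixed-length, globally unique codes to make decoding unambiguous. The names `new_table`, `encode`, `decode`, `login`, the `session` dict and the `check_password` callback are hypothetical.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # characters a password may use
CODE_LEN = 2         # assumption: fixed-length codes, so decoding is unambiguous
CODES_PER_CHAR = 3   # several equivalents per character, as in the second table


def new_table():
    """Build a one-time table: each character gets CODES_PER_CHAR unique codes."""
    rng = secrets.SystemRandom()
    pool = [a + b for a in ALPHABET for b in ALPHABET]   # 1296 possible codes
    codes = rng.sample(pool, len(ALPHABET) * CODES_PER_CHAR)
    return {ch: codes[i * CODES_PER_CHAR:(i + 1) * CODES_PER_CHAR]
            for i, ch in enumerate(ALPHABET)}


def encode(password, table):
    """What the user does by hand: pick any equivalent for each character."""
    return "".join(secrets.choice(table[ch]) for ch in password)


def decode(typed, table):
    """Server side: map each fixed-length chunk back to its character."""
    reverse = {code: ch for ch, alts in table.items() for code in alts}
    if len(typed) % CODE_LEN:
        return None
    chunks = [typed[i:i + CODE_LEN] for i in range(0, len(typed), CODE_LEN)]
    if any(c not in reverse for c in chunks):
        return None          # not a valid entry for this table
    return "".join(reverse[c] for c in chunks)


def login(typed, session, check_password):
    """Consume the session's table (single use), then check the decoded password."""
    table = session.pop("table", None)   # a replayed entry finds no table
    if table is None:
        return False
    decoded = decode(typed, table)
    return decoded is not None and check_password(decoded)
```

Here `check_password` stands in for whatever comparison the site already performs on a submitted password, and `session` for its per-visitor server-side state.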

