Floating Password

I think that for some readers the contents of this article will not be a discovery, but at least I did not find on the Internet a description of such a mechanism for accessing resources through a login/password pair.

The goal is to create a simple and reliable user identification system using a constantly changing password.

One of the main conditions for unambiguously confirming a person or their credentials in a system is a high-quality password, which should have the following characteristics:
  1. high complexity;
  2. periodic change;
  3. reliable storage.

All these requirements can be fulfilled by applying the scheme described below.

Example 1. Generating a password on the user side with a period of 1 year:


2014 - current password: 12 @ i4Wednesday
2015 - current password: 12 @ i4Thursday
2016 - current password: 12 @ i4Friday

where:
  • 12 @ i4 - the "base" part, invented by the user;
  • Wednesday, Thursday, Friday - the "floating" part, which is the name of the day of the week on which the current year begins.

Server-side generation follows an identical algorithm.
The algorithm and period of password changes are configured by the user or administrator through a "constructor". The combination of the "base" and "floating" parts of a password can have arbitrary complexity and order.
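One way to implement Example 1 on both sides, as an added example that is not part of the original article. It assumes the server stores only a salted PBKDF2 hash of the base part and recomputes the floating part itself. The function names and the work factor are assumptions.

```python
import hashlib
import hmac
import os
from datetime import date

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch
WEEKDAYS = ("Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday")

def floating_part(today: date) -> str:
    """Example 1 rule: name of the weekday on which the current year begins."""
    return WEEKDAYS[date(today.year, 1, 1).weekday()]

def client_password(base: str, today: date) -> str:
    """What the user types: base part followed by the floating part."""
    return base + floating_part(today)

def _hash_base(base: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", base.encode(), salt, PBKDF2_ROUNDS)

def enroll(base: str) -> tuple[bytes, bytes]:
    """Server record: random salt and hash of the base part only."""
    salt = os.urandom(16)
    return salt, _hash_base(base, salt)

def verify(submitted: str, record: tuple[bytes, bytes], today: date) -> bool:
    """Split off the expected floating suffix, then check the rest
    against the stored hash. Both checks always run and both must pass."""
    salt, stored = record
    suffix = floating_part(today)
    suffix_ok = hmac.compare_digest(
        submitted[-len(suffix):].encode(), suffix.encode())
    base_ok = hmac.compare_digest(
        _hash_base(submitted[:-len(suffix)], salt), stored)
    return suffix_ok and base_ok

if __name__ == "__main__":
    record = enroll("12 @ i4")  # base part taken from Example 1
    for year in (2014, 2015, 2016):
        day = date(year, 6, 1)
        pw = client_password("12 @ i4", day)
        print(year, pw, verify(pw, record, day))
```

Because the floating part is a plain suffix, the server never needs the base part in recoverable form; a scheme that interleaves the two parts would need a matching split rule in `verify`.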

Example 2. Generating a password with a period of 1 day (let's complicate the algorithm):


Date: 04/12/14 - current password: 12 @ i4Wednesday335704
Date: 04/13/14 - current password: 12 @ i4Thursday334152
Date: 04/14/14 - current password: 12 @ i4Friday334152

where:
  • 12 @ i4 - the "base" part;
  • Wednesday, Thursday, Friday - the "floating" part, which corresponds to the name of the first day of the week of the current year;
  • 335704, 334152, 334152 - the official Australian dollar exchange rate for the previous date, with the decimal comma removed.

The "floating" part can be tied to almost any source of periodically changing, structured data, even the first word of the headline of a news service's top article.

Possible further development of a floating password system:
  • dropping the base part of the password;
  • dropping the login.

Advantages of a "floating" password:
  1. relative ease of implementation;
  2. the user does not need to remember the password: it is enough to know how it is generated;
  3. guaranteed periodic change;
  4. medium / high reliability.

Additional restrictions:
  1. the need to implement additional services on the server side;
  2. you may need to create a source of summary information (page / site / service) that helps users generate the password on their own, rather than searching for the data all over the Internet. For example: a start page that displays the weather in various cities, exchange rates, a calendar, movie box-office receipts, etc.

Potential risks:
  1. a complex user interface for the server-side constructor used to create a "floating" password;
  2. additional computing load on the server.
