Thursday, December 12, 2019

Let's play with Passwords

Let's play with passwords. I am going to propose a method where all you need to remember is a number between 1 and 9 (or a letter between a and z) and a mathematical method. That's it; your password is ready. For that, first we need two-way authentication. The first authentication method could be a fingerprint, face recognition, waving or whatever you fathom. Let's take a face recognition system. You open a Windows laptop or a Windows mobile (maybe); it recognizes your face, checks its validity and generates, say, a 7-digit number or a 7-character stream. You should already have configured your Windows laptop with the number between 1 and 9 (or the letter between a and z) and the mathematical method.

Let's say I configured the number 2 and the method "alternately add the chosen number". After the first-level recognition it gives you 2749164, so now my password is 4769366. In case 9+2 = 11, take the last digit. Every time, the 7-digit number you get will differ, and you can create the password just by knowing your number and method. Each of your devices can have the same method and number, so that passwords are easy to remember and you never have to write them anywhere or keep different sets. Very, very simple to remember. The methods can be unlimited. Even for alphabets with 100 different methods, the possibility is 24 * 100 = 2400 possible passwords, every single time. You can even program your own method, which makes the possibilities literally unlimited. So, I guess nobody will allow someone to try thousands of times on a commercially available personal device. Even if someone tries at different intervals, the user should be notified of wrong password attempts and advised to change the password. Anyway, the password is very simple to remember. Try it for high-security systems yourself. When operating the number on a given place of the given 7-digit number produces a multi-digit result, always use the last digit. For fractions, use the digit before the decimal, and for negatives leave out the negative symbol, as they have more chances of variation. I hope mathematicians and experts will figure out all these small things. This is not about deciphering.

In case you want to stop deciphering, jumble the numbers or increase or decrease the number of digits in the result. If you are given 7 digits, you may enter 8 digits, 9 digits or even 5 digits as the output of your method, or a different number of digits as output every time with a single method, which I guess is totally impossible to decipher. The trick really lies in choosing or creating methods. It doesn't mean you have to deal with complex division or fractions, just innovative methods. For example, don't operate with the same chosen digit on all the digits you are given. One simple method would be the following:

Multiply the chosen number 2 by the first digit and use the outcome to multiply the second digit.

Subtract the chosen number 2 from the third digit and subtract the fourth digit from that outcome.

Add the chosen number 2 to the fifth digit and add that outcome digit to the sixth digit.

Keep the seventh digit unchanged.

For example, given 4285431, the outcome is 8661691.

Changing the number of digits in the outcome of a given 7-digit number is also simple.

Multiply the chosen number by the last digit and drop the digit at that place. Here 2*1 = 2, so drop the second place: outcome 861691. Simple.

Another trick: generate a number. Take the digit you get when you operate the chosen number on a particular place, and mingle it with the outcome any way you like.

Example:
Given number 6387426
Chosen number 2

Step 1: Multiply 2 with all the places.
Step 2: Half reverse the number.
Step 3: Take the last digit and multiply it by the chosen number to get the generated number.
Step 4: Take the generated number modulo the total number of digits, which is 7, and remove that place (the simplest usage of the generated number).

Step 1: 2664842
Step 2: 2662484
Step 3: Generated number: 8
Step 4: 662484

The trick always lies in choosing the method.
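To make the methods above concrete, here is an added example (not code from the original post) that implements each of them in Python and checks them against the post's own worked numbers: the alternate-add method (2749164 with 2 gives 4769366), the multiply/subtract/add chain (4285431 gives 8661691), the drop-a-place shortening (8661691 gives 861691), the four-step generated-number method (6387426 gives 662484), and stacking several methods as the multi-level variant. The function names, the reading of "half reverse" as reversing the second half of the string, and the handling of a place that falls outside the string (a remainder of 0 is taken as the last place) are this example's assumptions, not something the post specifies.

```python
# Added example (not from the original post): a straight implementation of the
# "chosen number + method" password schemes described above, checked against
# the post's own worked numbers. Names, the handling of an out-of-range place
# (remainder 0 means the last place) and the meaning of "half reverse"
# (reverse the second half of the string) are this example's assumptions.


def last_digit(x) -> int:
    """Reduce any result to one digit using the post's rules:
    multi-digit -> last digit, fraction -> digit before the decimal,
    negative -> drop the sign."""
    return int(abs(x)) % 10


def alternate_add(challenge: str, n: int) -> str:
    """First method in the post: add n to the 1st, 3rd, 5th and 7th digits."""
    return "".join(
        str(last_digit(int(d) + n)) if i % 2 == 0 else d
        for i, d in enumerate(challenge)
    )


def chain_method(challenge: str, n: int) -> str:
    """The multiply / subtract / add method: each operation feeds its outcome
    into the next digit, and the 7th digit is kept as is."""
    d = [int(c) for c in challenge]
    p1 = last_digit(n * d[0])        # 2 * first digit
    p2 = last_digit(p1 * d[1])       # outcome * second digit
    p3 = last_digit(d[2] - n)        # third digit - 2
    p4 = last_digit(p3 - d[3])       # outcome - fourth digit
    p5 = last_digit(d[4] + n)        # fifth digit + 2
    p6 = last_digit(p5 + d[5])       # outcome + sixth digit
    return "".join(str(x) for x in (p1, p2, p3, p4, p5, p6, d[6]))


def place_in_range(value: int, length: int) -> int:
    """Map a generated digit to a 1-based place (assumption: remainder 0 means the last place)."""
    return value % length or length


def drop_place(s: str, place: int) -> str:
    """Remove the digit at 1-based `place`, shortening the outcome by one digit."""
    return s[:place - 1] + s[place:]


def drop_by_last_digit(s: str, n: int) -> str:
    """Multiply n by the last digit and drop the digit at that place (2*1 = 2 -> drop the 2nd)."""
    return drop_place(s, place_in_range(last_digit(n * int(s[-1])), len(s)))


def half_reverse(s: str) -> str:
    """Reverse the second half of the string (assumed reading of "half reverse")."""
    head = len(s) // 2
    return s[:head] + s[head:][::-1]


def generated_method(challenge: str, n: int) -> str:
    """The four-step method: multiply every place by n, half reverse, derive a
    generated number from the last digit, and remove the place it selects."""
    step1 = "".join(str(last_digit(int(c) * n)) for c in challenge)
    step2 = half_reverse(step1)
    generated = last_digit(int(step2[-1]) * n)
    return drop_place(step2, place_in_range(generated, len(step2)))


def multi_level(challenge: str, n: int, methods) -> str:
    """Apply several methods in turn, as the post suggests for extra levels."""
    out = challenge
    for method in methods:
        out = method(out, n)
    return out


if __name__ == "__main__":
    print(alternate_add("2749164", 2))        # 4769366
    print(chain_method("4285431", 2))         # 8661691
    print(drop_by_last_digit("8661691", 2))   # 861691
    print(generated_method("6387426", 2))     # 662484
    print(multi_level("2749164", 2, [alternate_add, generated_method]))
```

Each method takes the displayed number and the remembered digit and returns the password, so a new method is just another function with the same signature; `last_digit` is the single place where the post's rules for two-digit, fractional and negative results are applied, which keeps every method consistent with the worked examples.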

Phishing is the single biggest threat to this method. If you are careful about it, even +2 suffices. It is always advisable to keep two methods of creating passwords: one for money transactions and highly safe requirements, and one for not-so-critical necessities, such as one for the net banking password and one for chatting websites. Don't go and reveal your highly secure password methods on petty websites. Mostly there will be no requirement to change password-generating methods for years, if you choose a tricky method.

Even if you phish, you can at most get hold of tens of password combinations, which is obviously not sufficient for even a supercomputer to decipher, not because there are a lot of possible passwords, but because for the same password there are unlimited possible methods. Making that worse will be to use multiple levels of creating passwords, i.e. applying different methods again and again to the passwords that get created.

Also, no website allows you more than 3 attempts. If a site asks for the password a fourth time, it is a phishing site; go and change your method. A phishing site has to ask a fourth time or lock the user, because otherwise you would have to log in. By the way, with 3 password combinations it will be impossible to find the method. There is an advantage to using a number along with the method: if you want to change the password, which you may use on many sites, just change the number on all sites. Also, we can check a site's authenticity against phishing by first entering the username and asking it to fetch the age of the person or organisation. Only if it's correct, go on to enter the password. We could ask it to display the name or date of birth, but that would expose a little of the account holder's information. Age is at neither extreme. So it further affects phishing sites to a very great degree.
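The checking side of the scheme, as an added example written for this page rather than code from the post: the service issues a fresh 7-digit number for each login, recomputes the expected response from the user's enrolled digit and method, compares in constant time, and applies the "no more than 3 attempts" rule from the paragraphs above, recording the notices about wrong attempts that the post says the user should receive. The class and field names, the single-use treatment of each challenge and the lockout message are this example's own assumptions; the `alternate_add` method is the post's "+2" example.

```python
# Added example (not from the original post): the verifying side of the
# scheme. Issues a random 7-digit number, recomputes the expected answer from
# the enrolled digit and method, compares in constant time and enforces the
# post's 3-attempt limit. Names and structure are this example's assumptions.
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List

MAX_ATTEMPTS = 3  # the post: no site should allow more than 3 attempts


def last_digit(x) -> int:
    """Multi-digit -> last digit, fraction -> digit before the decimal, negative -> drop sign."""
    return int(abs(x)) % 10


def alternate_add(challenge: str, n: int) -> str:
    """The post's first method: add the chosen number to every other digit."""
    return "".join(
        str(last_digit(int(d) + n)) if i % 2 == 0 else d
        for i, d in enumerate(challenge)
    )


@dataclass
class Account:
    secret_digit: int                     # the one digit the user remembers (1-9)
    method: Callable[[str, int], str]     # the user's configured method
    failures: int = 0
    locked: bool = False
    notices: List[str] = field(default_factory=list)  # messages to show the user


class Verifier:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.pending: Dict[str, str] = {}  # username -> outstanding challenge

    def enroll(self, user: str, digit: int, method: Callable[[str, int], str]) -> None:
        if not 1 <= digit <= 9:
            raise ValueError("chosen number must be between 1 and 9")
        self.accounts[user] = Account(digit, method)

    def challenge(self, user: str) -> str:
        """Issue a new random 7-digit number; it differs every time and is single-use."""
        c = "".join(str(secrets.randbelow(10)) for _ in range(7))
        self.pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        acct = self.accounts[user]
        if acct.locked:
            return False
        c = self.pending.pop(user, None)   # consume the challenge whatever the outcome
        if c is None:
            return False                   # no outstanding challenge: nothing to check against
        expected = acct.method(c, acct.secret_digit)
        if secrets.compare_digest(expected.encode(), response.encode()):
            acct.failures = 0
            return True
        acct.failures += 1
        acct.notices.append(f"wrong password attempt {acct.failures} of {MAX_ATTEMPTS}")
        if acct.failures >= MAX_ATTEMPTS:
            acct.locked = True
            acct.notices.append("account locked: change your number or method before retrying")
        return False


if __name__ == "__main__":
    v = Verifier()
    v.enroll("alice", 2, alternate_add)
    c = v.challenge("alice")
    print(c, v.verify("alice", alternate_add(c, 2)))  # the correct response is accepted
```

Because the challenge is consumed on every attempt, a wrong answer cannot be retried against the same number, and a locked account stays locked until the number or method is changed out of band; the `notices` list is where the "you should be notified of wrong attempts" requirement lands.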

If you say that first you will use simple methods to solve it, that shows you have not understood the problem. I will explain with a simple example, using only addition and only one level of operation. First, add the chosen number to the first digit: more than 9 possibilities, because the result of the addition may have two digits. Then add the first and second digits with the chosen number: more than 9 possibilities. Likewise. With zero gap, more than 9*5 = 45 possibilities. First and third digit, second and fourth digit, i.e. leaving one gap: likewise another more than 9*5 = 45 possibilities. 45*5 = 225. Second, add three numbers with the chosen digit: continuous, with a gap, changing the gap. Unlimited simple possibilities with simple one-level addition.

Creating methods can be made simple by providing building blocks, so that even non-programmers can use them to create their own method. It's not difficult, so I leave it to developers.

I tell you, there is no way to decipher it. It's like working with Enigma for every single password.

All you have to remember is one digit or a letter and a method. My job ends here.

If, say, the customer isn't good at numbers, we can create a Microsoft Password App that gives you the output for a given input, as programmed by you in, say, internet banking. Create a password generator program in the Microsoft Password App. It will be converted to bits and the password method will be unrecognisable or unrecoverable. But it is not recommended for high-security needs, because if you lose your phone, people may be able to give input to that app and get output, though only if they are highly sophisticated hackers. Otherwise, it's quite safe.

Let's critically analyse this password technique. Is there a way to break it? Sort of. You just have to avoid certain pitfalls. First, if someone is given numbers of the 1234567 or 7654321 sort, he may be able to guess it. We can avoid that. Now comes the interesting part. What if I create phishing software that works as a bridge between the real website and the fake phishing website? Puff. All hell will break loose. So does that mean this password method is not effective? No, it is better than plain passwords. Also, we should not forget that it is not an alternative to OTPs. It is not only good practice but a necessity to send the amount and beneficiary account number along with the OTP. How to avoid such phishing methods? Confuse the phishing software by dynamically altering the source of the displayed numbers shown on the real website. A graphic captcha will help. Hackers have to depend on the phishing software, because they can't manually enter anything within minutes, and the number of hackers and their timing will give them problems. Even if we don't use any of these methods, getting hold of this account and sending money will require an OTP. If the hacker wants to change the phone number and get access to the OTP, he needs the profile password and a process which needs the old mobile's OTP and debit card details. We can make the profile password very easy to remember, by just altering one critical digit. These profile passwords can't be accessed, because the hacker has to show what is inside the net banking site, which will be very dynamic based on each individual customer. And also, the customer just wants to send money, not to change the mobile number. Other than phishing, I don't think there is any other application, like entry to high-security buildings or safes and vaults, which has this slight drawback.