Friday, March 30, 2012

Passwords: It's No Secret

We need “keys” instead of passwords. The complexity of the password(s) does not help. If your like me, you dread another password prompt, as they add up from dozens to hundreds of passwords for different sites. If you can't remember them, you write them down, so they're no secret.

An alternative to passwords are the agent sites. The decent ones let you use “keys” instead of passwords. OpenID and OpenAuth are both examples of such agent protocols that do verify your key. Under past implementation, the web-browsers stored the keys in the same area of passwords, so they didn't seem too much different except you didn't have to type your password if you owned the hardware that had the web-browser. Newer implementations let you store the keys in other locations, like on your USB stick. With the more portable option of keys, web-browsers that connect to the agent site for verification allows easier “boot into [web-browser]” mode.

I made that verification step sound simple over passwords. Well, it is simpler. People haven't trusted agent sites as much, yet major social media sites have already started their support of them. The use of one of any of them is always questionable security, so those that sign keys onto keys by the user's preference of order of those keys is significant. I haven't seen that implemented enough.

[Note: Let's not set aside NLP here... for the “virtual” key...]

How do people support the simple key? Computers generated complex keys. We know complex keys; however, the first password you must know: simple. If it's not that simple, catch-up, or catchaIP. How many people in the world eat “mustard and ketchup?” Besides simple, you mustard ketchup. You put in your key, then. It is like any other catch phrase or pass-phrase. Let there be some governance between you and someone else that knows what you eat.

Was that too simple? Maybe you expected something complex. Once that repeats over and over in your head then it or id weighs that out and measures them. Did that sheet in the library book tell your story? Again, maybe you know the distance of your food supply. Simple would be if you also knew the cost of that distance, in your local currency. Squared.

Oh, that is too complex, again. Times two, then.

That is squared and that is times two. Sometimes that is still the same.

Arithmetically; there is an answer kept secret until given. Some say bad words exist, too.

[Addendum-to-note: it relates to the above for “useful” memory techniques, in NLP.]

Those complex keys, how often do you know each character in sequence? Can you always enter that correctly? Fortunately, human-error never did.

I thought bad words make good passwords; this is no secret. What are the dimensions of eight of nine if Schrodinger’s cat is in the middle?  What are the dimensions of 26 of 27? What-if you are in the middle and you counted each letter of the alphabet around you, do you think of that as variances in normal vectors of cubic surfaces or tangent points on an infinite spherical surface? Distance is like “c” in “e equals m c squared, if m is equal to pi.” E varies; true or false? Nobody would want to answer that.

Nevermind, your brain weighed those questions. Maybe let the computer scan your brain-waves for the answer [or for the “virtual” key] before you stress about those letters. When the answer is too simple, it's not complex enough for speech. I decided the brain scan scares people away unless it is fashionable.

They think I'm bizarre, yet “they” still ask what street you live-on. Let's consider that episode of Persons_Of_Interest that advertised something they said about social security numbers, like an imposter. If you had two social security cards in your hand and they are both the same number, then would you hand both of them to the same person?

[*ahem*: it's not code. Two or more people, same social, it happens. Same social, two different people, same name, now that calls for mini-quadcopter surveillance.]

Does your “settings” let you change what your home page looks like by how you typed in your password? Or, PIN#. I wanted something typed here about changes in the login/password prompt, so that it only asks for real name and SSN, but the anonymity of molasses has merit to the anomaly of existence. Something is significant there, and there are other ways how we argue these points, without intelligence. Maybe the “setting” is about crackers and lottery tickets, like cheese and wine, or something other than sticky fingers that look over your shoulder.

Use of agent sites, numeric names, certificates, and solid-state “keys” (i.e. class-rings) lets the overall process (above) appear less... [NLP] profound. Also note, people have said “user-agent” in place of the “web-browser” (buzzwords); maybe because, it doesn't make sense: to go to the web to use the web-browser when it's the other way around. I wanted the more technical explanation that expands upon user-agents, yet I don't want to cause any battle over protocol and implementation subjects. Especially, where the user goes to the Internet that then accesses any agent site for their web-browser.

[*Nudge*: The “canvas” mode of web-browsers has shown promise for such browser-in-a-browser, yet people don't want the extra scroll bars. It all has needed further lower-level redevelopment.]