Object-based Password (ObPwd) prototypes
Please
keep in mind that these prototypes are still in progress. Please email (mmannan
at gmail.com) your feedback. The HotSec'08 paper is available here.
Presentation slides (PDF) are
here.
What is ObPwd?
ObPwd is a technique to generate strong text passwords from any web object
(selected text, images, and URLs), or your personal digital content - such as
your photos, audio/video files, and documents. You must keep your password
generating digital object (local files or a pointer to web objects), but do not
need to memorize the generated password. Using ObPwd tools, you can always
re-create your password from your web content or files whenever you want.
ObPwd related FAQs.
ObPwd Firefox extensions and Applications
-
(Tested on Firefox versions 2.0.0.20, 3.0.11, 3.5.)
Usage:
While using Firefox, bring up the context menu (i.e., right-click) after
selecting some text, an image, or a link of your choice on a web page. If you
want to generate ObPwd from your local file, you don't need to select any
particular web object. You will see one (or more) of the following four menu
items under the Object-based Password (ObPwd) menu:
- Get ObPwd from Local
File: Generates ObPwd from a local file (a file
dialog is used to get your selection).
- Get ObPwd from Selected Text: Generates ObPwd from your selected
text on a page. Pure text is used from the selection without any
formatting information.
- Get ObPwd from Image: Generates ObPwd from the selected image (the
one you right-clicked on).
- Get ObPwd from Link: Generates ObPwd from the link that you
right-clicked on. Only certain types of HTTP and HTTPS links are
supported (e.g., pdf, mp3, avi, txt).
Auto filling password box:
If you right-click inside a password input box and generate a password through
ObPwd, the extension will directly copy the generated password into the password box.
If you initiate the extension from anywhere else on the page, you will be given
an option to copy the password in your clipboard (which you can then paste at
any site of your choice).
Preferences (use with caution):
Now you can change the password length, include some special characters, and
enable password creation from any URLs. Once you have changed these preferences,
your password will be generated accordingly; i.e., ObPwd preferences are global,
not site-specific, and the extension does not remember your settings for any
specific site. So if you generate a password with certain preferences, you must
make sure that the same preferences have been selected when you want to
re-create the password.
Example screenshots of the extension are also available.
-
Usage:
Same as above, except that this does not support preferences.
-
Usage: Same as above, except that this does not support
generating ObPwd from local files, and have no preferences.
Example screenshots of the extension are also available.
- Windows Application (unzip to run the obpwd
C# application inside, you may need to install the Microsoft .NET Framework)
Usage:
Click on the `Select File' button on the application, and select any local file
through the file dialog. Your ObPwd password will be generated from the selected
file.
Recommended files / web objects for ObPwd
- Choose any file or web object personally meaningful to you - as you must recall this
when you want to re-create your password.
- System files (e.g., windows applications) should not be used - as they may
be automatically updated.
- Publicly accessible files (e.g., personal websites, social networking
sites), or files shared with others should not be used.
- Web objects that generally do not change should be chosen (e.g., snapshots
of old pages as archived at
archive.org).
Notes on the generated password
- The password length is 12 characters, alphanumeric.
- There is no special character in the generated password.
- At most the first 100,000 bytes of your object (file/URL/text) are used for
generating a password.
Please send any bug reports or other feedback to: mmannan (at)
gmail.com
Thanks,
Mohammad Mannan
Homepage: http://www.csl.toronto.edu/~mmannan