Inspired by OpenId, I want to start a project – OpenPassword.
What is it for?
People are hesitate to register themselves from site to site. One of the reasons is people are afraid of giving password to the web sites they do not trust much. Most people do not have big memory, so they have to use the same password for all web sites. They may or may not aware that any webmaster / web owner who has access to the password database could try the same password on other sites (or even worse – for online banking). Whether people’s passwords are in safe depends on how honest the webmaster / web owner is. Even the webmaster / web owner is honest, does he have basic skills to keep password in safe? I see a lot of web sites save passwords unencrypted, which could be a disaster.
OpenId comes to solve this problem. But currently not all web sites support OpenId. What if you are in a position you have to use some web sites which do not support OpenId? You have to take care of security yourself. My proposal is:
- You register different web sites with different passwords.
- The passwords are generated with one-way encryption.
- You host encryption algorithm and salt in a safe place, so you do not need remember the passwords. Every time you need them, you generate / retrieve them on the fly.