PMPM - Making Password Management Easy & Secure

hakerdefo

How many online accounts do you have? Chances are very high that you have more than 10 online accounts. According to one survey, the average Briton has 26 online accounts. Now it becomes next to impossible to create and remember strong passwords for all those accounts. Most users use weak passwords because they are easy to remember, and many people use one password for many different online accounts. Security guys can preach all they want, but the "ease of use and less to remember the better" mentality wins all the time and every time. A cold fact!
Here I propose a radically different solution to the password management problem.
You will have to remember only one password. Can you remember one difficult password? Most people will be able to do it. We will call it "Master Password". This one "Master Password" will let you manage all those different online accounts! One "Master Password" will let you use super secure passwords, all very different from each other, for your online accounts no matter how many accounts you have! Wanna try?
Here you go, just download the attached script "pmpm_cli", save it somewhere in your $PATH, chmod 755 it, and you are ready to go!
Wait a second, how to use this "PMPM" thing, I hear you say!
In short, you remember one secure "Master Password", run the "pmpm_cli" script, enter the "Master Password", online account name (vsido.org, gmail.com, sourceforge.net, github.com etc. etc.), your user name for that particular account, password length and voila! You get your super secure password copied to your clipboard. Once you are done using (read pasting) the password, the script will remove it from the clipboard. Nothing is stored anywhere. There are no databases, nothing. All you need when using another computer and/or another distribution is this script. No need to save-copy-carry anything. Just run this script whenever you need your password for one of your accounts. You can use it on any computer running GNU/Linux. Just one 10 KB script and one password for managing-securing as many online accounts as you want! Need more help-info? Worry not, just run the script "pmpm_cli" and use the inbuilt "Help" function for more info and usage examples. And in any case I'm always here in the VSIDO forums, so you can ask any question-query here and you will get any help you need.
Cheers!!!
You Can't Always Git What You Want

a

OK, tried it out.
Worked well for me and was easy to understand.
But what if I forget my master password (or in my case I used a phrase)?
Would there be a way to have it offer you a stored hint? So when first creating your password it would also ask you for a "reminder hint", and the reminder, but not the pass, would be stored somewhere?

hakerdefo

I think it's a good idea. I'll see what I can do! Thanks a metric ton for the feedback!
Cheers!!!
You Can't Always Git What You Want

Snap

Hey, hakerdefo. There's something I don't get. Shouldn't the passwords be stored anywhere? I don't understand how the script can remember or grab the passwords if they are not stored somewhere. And if they are stored, are they encrypted?

a

They don't get stored anywhere. The script makes a code from the username for that site and the user name stays the same, so when you type in your username it will always give you the same code (i.e. password) for that username. I don't understand it fully myself, but it takes your master pass, which also stays the same, and somehow that interacts with your username in some clever way I don't know about!

hakerdefo

Hi there Snap,
Nothing is saved or stored anywhere, so no need to encrypt anything, and since nothing is saved-stored, nothing is going to get lost-stolen-hacked. The only thing a user needs to remember is the 'Master Password'.
Here is how it works. You start the script. You input your 'Master Password' when prompted. Next you input the name of the website, e.g. 'vsido.org'. Next you give the username for that site. The script uses a formula called a 'one-way hash function' to calculate a 'message digest'. Now a deviation of even a single character in either the Master Password, Website Name or User Name results in a completely different 'message digest'. Here are links for more in-depth information on the technologies used in the script:

https://en.wikipedia.org/wiki/Cryptographic_hash_function
https://en.wikipedia.org/wiki/Whirlpool_(cryptography)
https://en.wikipedia.org/wiki/OpenSSL

To clear up what could be the biggest confusion, you can't use your current passwords with the script. The script will generate super strong passwords for you for a given username on a given website. Yes, this means that the starting point can seem a bit boring and tedious, as you'll have to change your old (current) passwords to the ones generated by the script. But the benefit of stronger (almost impossible to hack if 64 bit length is chosen) passwords without having to remember-save them outweighs anything.
And even if you lose your current system, be it software or hardware, you don't have to worry about anything, as you'll only need this script from here and that one Master Password from your memory to get going again.
Cheers!!!
You Can't Always Git What You Want
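
The derivation described in the post above, as an added Python example that is not the pmpm_cli script and not its author's code. It assumes PBKDF2-HMAC-SHA512 in place of the script's single Whirlpool digest, so that guessing the master password from one leaked site password costs more per attempt. The alphabet, field encoding, length limits and function names are illustrative assumptions.

```python
import hashlib
import string

# Assumed output alphabet (74 symbols); the page does not give the script's set.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def pack_fields(*fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def derive_password(master, site, user, length=20, iterations=200_000):
    """Recompute the same password from the same inputs; nothing is stored."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 64:
        raise ValueError("length must be between 8 and 64")
    # Site names are case-insensitive; user names may not be, so keep them as typed.
    salt = pack_fields(site.strip().lower(), user, str(length))
    # Largest multiple of the alphabet size that fits in a byte; bytes at or
    # above it are discarded so every symbol is equally likely (no modulo bias).
    limit = 256 - 256 % len(ALPHABET)
    chars, counter = [], 0
    while len(chars) < length:
        # Assumption: PBKDF2-HMAC-SHA512 stands in for the single Whirlpool pass.
        block = hashlib.pbkdf2_hmac("sha512", master.encode("utf-8"),
                                    salt + counter.to_bytes(4, "big"), iterations)
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in block if b < limit)
        counter += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(derive_password("correct horse battery staple", "vsido.org", "snap"))
```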

Snap

Thanks for the clarification, guys. All clear. Now this is a killer script! It makes keepassx and similar stuff feel like toys. LOL.

Time to change a few passwords. Thanks a lot for all your great scripts, hakerdefo. Keep 'em coming!

Snap


hakerdefo

Thanks for trying it out, my friend!
No, it's not on GitHub yet! A GUI version of this script is 70% ready, and then there is another half-ready GUI version of the youtube downloader. Think I'll put them all together on GitHub once they are completed.
Thanks again for testing!
Cheers!!!
You Can't Always Git What You Want


hakerdefo

V2 of PMPM is a complete rewrite, hence I've started a new thread. Use V2 instead of this version please.

http://vsido.org/index.php?topic=1262.0

Cheers!!!
You Can't Always Git What You Want