Identity

Someone really needs to get working on a better, more ubiquitious method of authentication or at least some way of integrating existing online username/password combinations!

At last count I had:

1 Hotmail Id
1 Rediffmail Id

1 GoDaddy Id
1 hi5 Id
1 Hungama Id
1 SXC Id
1 Twitter Id

and about 10 or so assorted Ids for site's that I don't visit as frequently. Luckily, Google owns Blogger, YouTube, Picassa, AdSense, Webmaster Tools and Orkut, so that gives me 6 more sites with the same Google accounts that I use for GMail. Feedburner has also been bought by them so I'm expecting a switch to Google accounts there too.

And then there are the 'real world' Ids/passcodes I need to remember.

2 Debit Card PINs
1 Credit Card PIN
1 Mobile phone PIN
1 Mobile phone PUK
1 Mobile phone PIN2
1 Mobile phone PUK2
1 PIN to the control deck of the Death Star ( Alright so I don't have this one. What? Yes! It is real! )

How can anyone be expected to remember all of these? I'm managing fairly well right now, but I foresee the coming of the dreaded age of forgetfulness someday. And unless Google takes over everything by then, I'm afraid I'm going to have to start writing down sensitive information like this!

PS: I did try to make a simple application to encrypt and save my passwords. It uses a simple substitution algorithm so it's not very good, but it's a shade better than writing stuff down in plain text!

PPS: Quite a few people seem to be working on image based passwords; but nothing seems to ready for widespread use right now.

10 comments:

Charles said...

There are password managers that perform strong encryption. Some are free. Some are even freeware. Try Sourceforge, or do a Google search. No need to reinvent the wheel.

Charles said...

Addendum: Unless of course, you just want to do it as an exercise, which isn't a bad thing to do. I do that sort of thing, but I admit that I don't do a lot of things that require encryption.

no.good.at.coding said...

Well, Charles, till a few months ago, I didn't really have these many IDs and so I didn't really feel the need for any password managers. Ever since I've bought my domain name, the number of services I've signed up for has gone up dramatically!

Thanks for the tip, I'll look around for something that suits my needs :)

Also, you're right, it was an exercise. We'd just completed an introduction to encryption and I was taken with VB6 at the time, so this was something I'd tried my hand at :) It was fun, though it's not very usable.

Charles said...

There's also the concept of SSO (Single Sign-On), that you could implement using AD/AM, but that would be a bit of overkill. I can see using it for an enterprise, since it can save significant amounts of time and thus money, but with only your own account, I don't know that you would be willing to load it up and keep it in memory every time you boot-up.

no.good.at.coding said...

@Charles: I was looking more for solutions for web-based services like Yahoo! Mail and GMail and others. There are just so many Ids and passwords that I need to keep track of; and the number just goes on increasing!

no.good.at.coding said...

Here's an interesting cartoon-strip kinda in context: http://www.basicinstructions.net/2006/09/how-to-pick-password.html

Charles said...

It does kind of make the point, if you have your PWs stored on a website, they need to be secure. What makes me think "certificates" may be the key here?

Charles said...

Question:
Have you checked out Windows CardSpace?

Wolfestine said...

Hey... U could check out the cool J2ME applications they have for cell phones to store passwords... Or well knowing you... you could even create one of your own... Since a cell phone is such a pvt place... you wouldn't need any complicated encryption technique... A simple password like NGAC should suffice to access your passwords... And what's more is that your password safe is mobile too.

Ifsc Code said...

know IFSC code of any bank.