Life has changed, but the human brain hasn’t! It seems like every computer system or website we use requires us to create an account, which in turn needs a password. Whilst we could (and many do) choose to use the same password for all sites this is not recommended. Doing this means that if only one site you use is compromised an attacker could gain access to all your accounts.
Therefore we should use a strong, unique password for every system we use. This is where the human brain is falling behind! We have not evolved to remember 20, 30 or more unique passwords. So to help us we need to use some form of tool to help us remember.
The most popular solution is using a ‘password safe’. This is an encrypted container that stores all your passwords, protected by a master password. Whilst there are many very good services offering this service out there, not everyone is happy entrusting a third party with their passwords. Also, if that company decided to close its doors or went offline for some time – so would all your passwords!
This is where our PassEto project was developed. Our engineers were busy trying to remember all the passwords when they started developing a tool to save them hassle. Speaking to customers we soon realised everyone else could make use of our tool. So we have decided to release it completely free of charge. You can download and use the tool with no need for a third-party online tool.
How does it work?
There are many random password generators available that will create a very strong password. However the important word israndom. Every time you run them they generate a new password, meaning if you don’t record them there is no method of recovery. PassEto works by generating passwords that appear random, but are guaranteed to be the same given the same input data. This means you don’t have to store your password anywhere as it can be re-generated on demand.
The process of generating your password makes use of a technique called ‘hashing’, a mathematical process that is irreversible. Often referred to as ‘one-way encryption’, there is no automatic way of reversing the process and obtaining the original data.
How do I use it?
For every password you want to generate, you will need three pieces of information: name (for websites this would be the address, i.e. www.twitter.com), your master password and a PIN. The last two should be the same for every password you generate. This means you only have to remember one password and a PIN number. Just enter the name of the website or system you want your password for and PassEto will generate you a unique, strong password.
How safe is it?
By using a combination of the system / website name, your password and PIN, your data will be run through thousands of iterations of irreversible hashing and modifications. The only way an attacker could attempt to obtain your password would be by effectively running a simple guessing game. Each guess would involve thousands of iterations, meaning any attempts could potentially take thousands if not hundreds of thousands of years to run!
How do it get it?
We have desktop versions of the application for Windows, Mac and Linux available to download. We also have an online version coming soon so you can use if working on a different computer.