Friday, April 29, 2005

Making old technologies new By Jon Udell

Making old technologies new By Jon Udell:
Here�s a case in point: Last week I blogged about a simple solution to the thorny problem of Web SSO (single sign-on). It�s a bookmarklet -- a chunk of JavaScript code wired to a button on your browser�s linkbar. You activate it when you�re on a page that�s displaying a password field. The script prompts you for a master pass phrase, combines it with the domain name of the site you�re visiting, hashes the combination to produce a scrambled string of characters, and writes it into the password field. Use the same master pass phrase on a different site, and it produces a different password. It works repeatedly in most browsers, using nothing but local JavaScript code. (IE restricts the size of bookmarklet scripts by default, although you can work around the limitation.) Bottom line: You remember one secret, derive many strong passwords from it, and never store or transmit the secret.