Educause Security Discussion mailing list archives
Passwords and Secure SSO
From: Kay Sommers <ksommers () VCU EDU>
Date: Mon, 20 Dec 2004 20:29:31 -0500
Secure passwords continue to a challenge. Has anybody looked at using PasswordScrambler as an approach to secure SSO? PasswordScrambler is a bookmarklet or chunk of Java code wired to a button on the browser's linkbar. It is activated when the user is on a page that's displaying a password field. The script prompts for a master pass phrase and then combines it with the domain name of the site being visited, hashes the combination to produce a scrambled string and puts that into the password field. The user can use the same master pass phrase on a different site and it produces a different password. It uses nothing but local JavaScript code. So the user only has to remember one secret, derives many storng passwords from it and never stores or transmits the secret. PasswordScrambler is supported in IE and Firefox and is free: http://www.onepassword.com/1p/default.aspx ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Passwords and Secure SSO Kay Sommers (Dec 20)
- <Possible follow-ups>
- Re: Passwords and Secure SSO Eric Pancer (Dec 20)
- Re: Passwords and Secure SSO Eric Pancer (Dec 20)
- Re: Passwords and Secure SSO Gary Dobbins (Dec 21)
- Re: Passwords and Secure SSO Cal Frye (Dec 21)
- Re: Passwords and Secure SSO Alan Amesbury (Dec 21)