Educause Security Discussion mailing list archives

Passwords and Secure SSO

From: Kay Sommers <ksommers () VCU EDU>
Date: Mon, 20 Dec 2004 20:29:31 -0500

Secure passwords continue to a challenge.    Has anybody looked at using
PasswordScrambler as an approach to secure SSO?
PasswordScrambler is a bookmarklet or chunk of Java code wired to a
button on the browser's linkbar.  It is activated when the user is on a
page that's displaying a password field.   The script prompts for a
master pass phrase and then combines it with the domain name of the site
being visited, hashes the combination to produce a scrambled string and
puts that into the password field.  The user can use the same master
pass phrase on a different site and it produces a different password.
It uses nothing but local JavaScript code.   So the user only has to
remember one secret, derives many storng passwords from it and never
stores or transmits the secret.

PasswordScrambler is supported in IE and Firefox and is free:
http://www.onepassword.com/1p/default.aspx

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Passwords and Secure SSO Kay Sommers (Dec 20)
- <Possible follow-ups>
- Re: Passwords and Secure SSO Eric Pancer (Dec 20)
- Re: Passwords and Secure SSO Eric Pancer (Dec 20)
- Re: Passwords and Secure SSO Gary Dobbins (Dec 21)
- Re: Passwords and Secure SSO Cal Frye (Dec 21)
- Re: Passwords and Secure SSO Alan Amesbury (Dec 21)