GoSecure

Introduction

GoSecure is a simple mechanism by which you can securely generate and retrieve all your passwords for use online and elsewhere. Using a single passphrase to manage all your passwords means that you can have a different, secure password for each website you visit. Using a simple bookmark you can safely retrieve your passwords from anywhere in the world. Never be stuck without your passwords again!

GoSecure does not use a database to manage your passwords and your passphrase is never transmitted to anyone. This makes GoSecure safe to use from internet cafes and in other untrusted locations. You can even run the applets completely offline. GoSecure uses an algorithmic process to generate unique passwords based on the specific information about the service in question. The addition of pronouncable password generation means that GoSecure can also be used for things like telephone banking, where verbal security is required.

With GoSecure the only piece of information you need to remember is a single passphrase, from which all your passwords can be reproduced. However, care must be taken to ensure that the passphrase is not forgotten as there is no way to retrieve it, but because the same passphrase will be used for all your passwords, you will use it regularly and should therefore be less likely to forget it.

Using GoSecure does not stop you from managing your passwords using a secure 'wallet' and in fact this is encouraged when possible, as it avoids the need to retype your passphrase repeatedly. What GoSecure gives you is:

Essentially the mechanism behind GoSecure is an algorithm for generating passwords from a given username, service string and passphrase. There is no infrastructure requirement and there is no reason that this algorithm cannot be implemented in other languages or for other Java profiles.

Currently this work is only a proof of concept. I have not yet decided on a license to go with the source and I am still considering the exact nature of the algorithms to use for password generation. If you do wish to use this version of GoSecure to manage your passwords then that's great and I will ensure that even if the main version changes, there will still be access to the original applets. If you are worried about managing your passwords from this site then you can simply download the current version and run it on your own site.

If there is enough interest in this idea then I would be happy to set this project up somewhere like sourceforge.net and look to making a standard set of implementations (browser plugins, MIDlets, JavaScript etc...). If you are interested in working on different implementations of GoSecure or have an idea which you feel might improve the current system, please let me know. You can contact me via .