Passwords

Author:

Gareth Heyes

@hackvertor

Published: Fri, 11 May 2007 14:39:44 GMT

Updated: Sat, 22 Mar 2025 15:38:00 GMT

I couldn't sleep last night. Probably too much caffeine or coding. Most people count sheep to help them sleep; I thought I'd invent an authorisation system :)

The basic idea is that a password is replaced with a text file key and a PIN, so a user only needs to remember a 4-digit PIN to log in to a web site rather than a username and password combination. Every time users wish to log in, they simply find the relevant file with the key and enter their name and PIN.

The text file contains a string of the form "HeyesKey:hashgoeshere@domaingoeshere". This is important because it solves the problem of phishing as well: if browsers decided to implement a clipboard check or submission check, bogus sites could be identified really easily, because the domain in the key would not match the site being submitted to. Now even if attackers found your HeyesKey text file and knew your first name, they would still need to guess the correct PIN in order to log in. The system borrows from the real world and how ATMs work: the key is like your debit/credit card, and if you enter your PIN incorrectly 3 times the account is disabled.
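The scheme described above, as an added Python sketch that is not the HeyesAuthMethod source: it parses the "HeyesKey:hash@domain" string, refuses a key issued for a different domain (the anti-phishing check), and disables the account after three wrong PINs. The server-side verifier construction (PBKDF2 over key hash and PIN) and the sample key are my assumptions, not the post's.

```python
import hashlib
import hmac
import secrets

KEY_PREFIX = "HeyesKey:"  # the post's key-file format: HeyesKey:<hash>@<domain>
MAX_FAILURES = 3          # ATM-style rule from the post: three wrong PINs disable the account
SAMPLE_KEY = "HeyesKey:3f9a1c7e5b2d4a6f8e0c1b3d5f7a9c2e@example.com"  # constructed sample

def parse_key(text):
    """Return (key_hash, domain) from a key-file string, or None if it is malformed."""
    if not text.startswith(KEY_PREFIX):
        return None
    key_hash, sep, domain = text[len(KEY_PREFIX):].strip().rpartition("@")
    if not (sep and key_hash and domain):
        return None
    return key_hash, domain.lower()

def derive_verifier(key_hash, pin, salt):
    # Assumed server-side construction, not the post's. The slow KDF is only cheap
    # insurance: a 4-digit PIN space is tiny, so the online lockout is what protects
    # an account whose key file has leaked.
    return hashlib.pbkdf2_hmac("sha256", f"{key_hash}:{pin}".encode(), salt, 100_000)

class HeyesAuth:
    def __init__(self, site_domain):
        self.site_domain = site_domain.lower()
        self.accounts = {}  # name -> {salt, verifier, failures, disabled}

    def register(self, name, key_text, pin):
        parsed = parse_key(key_text)
        if parsed is None:
            raise ValueError("malformed key file")
        salt = secrets.token_bytes(16)
        self.accounts[name] = {"salt": salt, "failures": 0, "disabled": False,
                               "verifier": derive_verifier(parsed[0], pin, salt)}

    def login(self, name, key_text, pin):
        acct = self.accounts.get(name)
        if acct is None or acct["disabled"]:
            return False
        parsed = parse_key(key_text)
        if parsed is None or parsed[1] != self.site_domain:
            return False  # anti-phishing check: key is for another site; not counted as a PIN failure
        if hmac.compare_digest(derive_verifier(parsed[0], pin, acct["salt"]), acct["verifier"]):
            acct["failures"] = 0
            return True
        acct["failures"] += 1
        acct["disabled"] = acct["failures"] >= MAX_FAILURES
        return False
```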

See a demo here:- http://www.businessinfo.co.uk/labs/HeyesAuthMethod/heyes_auth_test.php

Source code here:- HeyesAuthMethod

Advantages:-

  1. Could prevent all types of phishing.
  2. 4-character PIN instead of a long password.
  3. Keys are stored in plain text, so they could be encrypted and stored in a safe place.
  4. Accounts can be disabled because brute-force DOS attacks would be very difficult.

Disadvantages:-

  1. Could be hard for someone to understand at first.
  2. Users might not like copying and pasting a text file to login.