Slashdot Mirror
Memory Tools for Password Management?
New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are you favourite password memorization tools?"
Hiding my passwords in first post yt66axe
UTF-8: There and Back Again
Having a seperate password for 50+ websites is not realistic when you plan to memorize them all. I use KeePass to have very random 16+ char passwords (that I do not bother to remember) for every place I visit, and one master password to access the database.
As a nerd, I memorize a lot of quotes. And, one can use this to one's advantage. Whether it be Star Wars, Futurama, Orson Scott Card, The Bible, or whatever your favorite work is, you can take a quote & turn it into an easily memorable password.
For example, one of my beloved authors is James Joyce so a great way to make a password from him is to take a memorable quote of his that I know: "Well and what's cheese? Corpse of milk." This password would transform into Wawc?Com. which has two caps, a period and a question mark. You can do the same with Futurama or whatever you find easy to remember. Then I just attach that quote with the website/machine/network or whatever it is. You can also append the name of the quoted character or author or actor in order to make it longer so the password might be Wawc?Com.JJ which just makes it even more difficult for a code cracking program to get at.
Plus, since I naturally love the quote, it's very easy to memorize.
My work here is dung.
Post-It notes on my monitor bezel.
After all: "Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it."
[Linus B. Torvalds]
For the pendants out there, the concept applies.
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
It gives me an excuse to take off my shirt at the office.
Use a similar password for each site, but customise parts of it
password/.
passwordgm
passwordeb
You don't want to use that for your important sites, just ones which need a password.
liqbase
The simple solution to never forgetting your password is to use "password" as all of your passwords, and the best part is that its sooo unique....
I've kept this a secret to the whole community, but
I invented this super hard-to-crack encryption routine
called ROT26x(tm). There are other off-springs in the
multiples of its own 26 bits (52, 78, 104...etc).
The cool part of it is that once you encrypt your stuff,
it is soo hard to crack, because the outcome looks exactly
like the original text you encrypted!
The larger the multiples, the more its difficult to
crack (disclaimer:higher bits will be very cpu-intensive,
and will take longer to encrypt)
if anybody wants to help write up an RFC...
GUI == Graphical User Interference
While using part of the site name concatenated to your base password is good, there are other simple ways to make it stronger. I keep a list of online sites that I have passwords for. By using a 'known only to me' algorithm, I can use a list of those sites. This serves two purposes; 1) I don't have to remember what all the sites are that I have accounts on, and 2) The base password might be the same, but could change according to how I personally categorize the site content/type as well as by what number the site is listed on my written list. Nothing on the written list will tell you anything other than which sites I have an account on, but it serves to remind me what the passwords and login names are. I do have to remember some things, but not very many compared to the number of accounts. An example is:
1 google 18
2 yahoo 21
3 delicious 8
Not decipherable as important parts are missing from the list and is only in my head, such as what to do with each of the numbers and what the base password(s) might be. It's still enough to jog my memory when required. In this example, the 1 or the 8 in the third column might indicate the base password while the first column might indicate what algorithm would be used in generating the additional password parts. The ones that you use the most are easiest remembered. The list is for those that you don't always use or have trouble remembering
Support NYCountryLawyer RIAA vs People
The methods described in this article don't seem to be very useful. I have seen one method that works fairly well. Come up with a sentence you know you can remember. It can be something out of the blue like: "I prefer accessing Gmail in Firefox for the skins extension." Then make your password "IpaGiF4zse". The first letter of each word, the number 4 or 2 for for or to, too, etc. Even other ones can be used like 8 for ate and 3 for a word starting with e. The z makes sense for a replacement of t in the because if you use the pronunciation of the that sounds like thee, z and thee are fairly similar. Those types of schemes make sense.
But the better answer is:
Get a program like passwordSafe. It's GPL and it works great it even can generate the random passwords for you with whatever rules the given site or system allows. Just copy the database file to a backup every so often and all is well.
I used to use a password-storage tool, but these days for trivial website passwords, I use hashapass, which does a one-way hash (surprise!) of a seed password with a salt like the website domain name.
That way, if I'm on a different computer or can't pull up my password storage for some reason, I can still generate my password for a website. But intercepting that individual password won't help anyone figure out any of my other passwords.
It's still weak in that the master password, not only unlocks but also determines the rest. Still, for stuff like non-financial website logins, it's a godsend.
Random passwords, then just learn them.
[*] Really unimportant sites just an easy password that's the same across all of them
[*] More important, but still not critical sites use variations on a couple randomly generated pronounceable passwords; the fact they are random means that no dictionary attack will find them, while the fact that they are pronounceable makes them easyish to learn
[*] Critical sites (like my bank) I either generate a random password and learn it by rote repetition, or I use PasswordSafe and store the password and then just open that each time I need it.
In general, just repeat the password over and over to yourself a dozen times a few times over the course of a couple days (you can have it written down during that window) and you'll probably get it.
After all, that's how I memorized 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0.
(Let's see the MPAA subpoena my brain.)
Of course you could use 12345 for all your passwords. Wait, no don't do that; that's already used for my luggage.
* Getting halcyon1234's password from his own post - 5 seconds
* Checking to make sure it was real - 20 seconds
* Customizing his user account to display a custom "goatse" slashbox - Priceless
There are some things money can't buy. For everything else, you should change your password!
I've recently discovered password safe. You just have to remember 1 password, you have access to all your passwords. You can run it off a USB drive, so you can take your passwords with you anywhere. I used to use the same password for many sites, but now I have Password Safe generate a new password for each site.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
1. Spirit Write password on sheet of paper.
2. Enter said writing in password field for new account.
3. Chew and swallow sheet with spirit writing
With this method passwords are nearly unbreakable, unless someone else can channel the spirit you used. And by eating the evidence, there is no need to memorize anything! It gets digested naturally!
The only real problem with this is that a lot of the spirits give out really crummy passwords that don't always work...
I, for one, am looking forward to the inevitable
I use the same combination as my luggage!
Can I get a DMCA takedown request for your post since that's my luggage password?
Or do we have to compare receipts for date of purchace/senoirity to settle this.
My second will meet you on the Field of Honor for our duel......I suggest Tesla Coils at 25 meters, in the English Channel, at 50 meters below sea level.
You have been challenged sirrah!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
For accounts I don't care who access (like my free nytimes.com account), and in fact want people to crack to mess up the tracking data, I use the same password across all of them.
For infrequently used sites I choose a strong password, and forget it. Then, whenever I need that password, I get them to e-mail me a new one.
For accounts I use often and care about, I suck it up and memorize it. Pull a word or two, scramble the letters, add some numbers and punctuation randomly. Oftentimes, just thinking of that word, and cause I'm predicatable, I can recreate the password.
Your ad here. Ask me how!
Just e-mail me all your passwords for safe keeping!
https://www.eff.org/https-everywhere
For years our lab (a research lab behind locked doors, open only to a few trusted people) use IC part numbers for root passwords. To avoid having to remember them, we'd just drop the device itself into the top drawer of the desk nearest a particular machine.
Not the most secure method in the world, but far better than the practices in any other academic research group I've seen. (Most do something really complicated and uncrackable. . . like taking two three or four letter English words and putting one after the other. Or, taking a short English word and misspelling it by changing one letter.)
I use one basic 7 character set which consists of letters and numbers. I modify that depending on a sites sensitivity by adding characters.
/.
....(btw, all of the information posted here is true, however I intentionally mixed up the order of things)
For example "mi2SSrs", for common sites and forums such as
For technical sites where I download software I add a three letter prefix to the main.
For webmail, I capitalize the three letter prefix.
For online money transactions I capitalize the prefix and add a character such as ~ at the end.
For my home ftp server login I add in the last 4 numbers of a high school girlfriends phone number.
All of these numbers and letters are also followed or preceded by license plate numbers and letters that I choose at random and memorize from cars off the freeway. That is changed quarterly.
Bios passwords and administrator logins are pass phrases at least 8 words long with a number set.
Now, that may sound like alot to remember, but I write down mnemonic clues starting with the lowest level of protection, and as security gets higher, each set gets words associated with the add on characters.
These clues are saved to a text file and a yellow "post-it" and labeled "Passwords". The text file goes into my home directory and the post it goes underneath the keyboard on the desktops. Good luck trying to log into anything based on what is written down.
However, after using this system for a few years, I can easily remember passwords up to 25 characters without worry about losing anything. Muscle memory plays a big part too.
Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
Using the same password for all online stuff is indeed a bad idea, but you can still do that if you use PwdHash. http://crypto.stanford.edu/PwdHash/
PwdHash is a browser extension that converts the entered password into a domain-specific password. This means that the same password will be converted into a different password on different websites.
I use this tool plus SplashID (http://www.splashdata.com/splashid/) which I have installed on my PDA and PC to store others passwords and PIN codes.
Well, if you have to deal with password rules like mine it might be easier to just brute force it every time.
i.e. password must:
Be between eight and 12 characters long.
Not contain repeating characters.
Not contain consecutive characters.
Not contain the same character more than three times.
Have two special characters.
Have two uper case characters.
Have two lower case characters.
Have two numbers.
Have atleast one number within the first four characters.
Have atleast one special charater within the first four characters.
Be changed once every 30 days.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
XXX#######
I've been using Strip (Secure Tool for Remembering Important Passwords) for years on Palm. It keeps your passwords in an AES encrypted palm database with a master password. I like it over other PC-based password managers because I know that whether I sit down in front of a Windows, Linux, or Mac machine, I'll always be able to get at my passwords.
I actually wrote an article called The Art of Good Passwords. It explains the importance of decent passwords, how to enforce them, and how to enforce them in your web app. I submitted it to slashdot earlier this morning, but it's still in the firehose. if you read it and got something out of it, let me know, or bump it up in the firehose. Or tell me if it stunk. :)
I use <a href="http://eyecanseeyou.free.fr/passreminder_pa<nobr>s<wbr></wbr></nobr> sword_manager/index.php?title=PassReminder_Main_P<nobr>a<wbr></wbr></nobr> ge">Passreminder </a>. It has a "memory stick" version and is java based and works on both Windows and Linux off my FAT based usb flash drive.
So... I prefer to entertain my full frontal paranoia by not using anything digital or on-line to actually store my keys to the things that matter.
Instead, I decided to keep my keys in a little black book, old fashioned, perhaps even quaint you exclaim!
True Squire! says I, but go ahead then, have a go.. lets see you hack that book.
Of course I do have nightmares about losing the book, however an occasional trip to a copier and a safe deposit box takes care of those, for a while. Of course if you did get to read it, you'd find yourself holding a bunch of keys... to what? aha!, thats the devious and twisted bit, remind me not to share that!
For hard passwords I choose random letters and numbers in groups of 2, at least 8, 16 or 32 chars in length, depending on the resources value. Otherwise, so I am told, the encryption becomes much easier to break.
For less significant sites, I (like many it seems)use a favorite quote, condensed into a shorter string of the letters of each word.
There is no god; get over it already! Never exchange a walk on part in the war, for a lead role in a cage.
#!/bin/bash +x
#tafduotoo -arrt- gmail.com
cd $home
if [ -e
then
echo "WARNING -- PLAIN TEXT PASSWORD LIST ALREADY EXISTS"
echo "ENCRYPTING: gpg -c --force-mdc --quiet -o
gpg -c --force-mdc --quiet -o
if [ $? -eq 0 ]
then
echo "CLEANUP"
chmod 000
srm -mv
echo ""
else
echo "!!!!!!!! FAILED TO ENCRYPT !!!!!!!!!!!!! "
ls -la
exit 2
fi
exit 1
fi
if [ -e
then
echo "DECRYPTING: gpg --decrypt -o
chmod 400
gpg --decrypt -o
if [ $? -eq 0 ]
then
echo "EDITING"
echo -n "Start Lines:"
wc -l
emacs -nw
echo -n "Final Lines:"
wc -l
rm -f
echo "ENCRYPTING: gpg -c --force-mdc --quiet -o
gpg -c --force-mdc --quiet -o
if [ $? -eq 0 ]
then
echo "CLEANUP"
chmod 000
srm -mv
echo ""
else
echo "!!!!!!!! FAILED TO ENCRYPT !!!!!!!!!!!!! "
echo Do the following:
echo "cd ~; gpg -c --force-mdc --quiet -o
echo "srm -mv
echo ""
exit 2
fi
else
My password is the regular expression .*
Maybe I'm not understanding the question, or maybe it came from a Windows user, but the KDE kwallet and the Apple KeyChain serve me very well for managing my various passwords... especially since they get filled in automatically in Konqueror and Safari.
I don't use password management tools, but mnemonics. Usually I pick a text I remember (like a commercial, or some poem I remember from highschool). Then, I use the first letters of all words (or of the first n words) and use those as a password, translated to l337speak.
It sounds complicated, but for example let's say you take "Where do you want to go today?(Ms)" (I know I'll get modded to troll for this). It becomes Wdyw2gt?(m$)
Its (pseudo)random enough to be impossible to guess if you're not choosing something obvious as source (and it may be hard to guess even if you are), easy to remember and easy to customize/lengthen/add salt to it.
Also, you don't need to rely on a tool for it, and don't need to write anything down either.
Or, just you could just use 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 ... I mean, who'd be able to think about that?
Tie two birds together: although they have four wings, they cannot fly. (The blind man)
I just use the MD5 hash of a much stupider password. Like 014D08BBED2681389DDEDD2A43859B07. This changes depending on which site I go to. Don't forget the salt. I use a little program I made to accept the password, then spit out the 32 hex-char hash.
Only thing that really pisses me off is sites with inconsistent character limits on passwords.
Only problem? You're tied to your own computer.
I've got a demo of this product named etoken by Aladdin, it gives you the ability to take with you your passwords on a usb token which you'll have to remember its password only, and it will contain passwords for many sites/applications.
I used it few years ago.. actually it was nice, the token itself is encrypted (3 years ago it was encrypted with 128 bit key)..
here's a link for those of you who actually needs this kind of solution (I actually don't think it worth the money, for me atleast) : EToken - Aladdin
Read and Comment at my BLOG
!!!
I use five rulesets:
- One for websites I visit but don't give a damn about. If all I'm doing is downloading a
.torrent file, reading the news, or posting a snarky comment like this one, I don't view it as security-critical. I also suspect that the hosting site does a lousy job of password protection and that the odds of a compromise are high. I use a very simple rule: A six-letter word with a digit at either end. It's always the same two digits and always one of three words.
- One for websites I visit but give a damn about because there's financial or other personal data there. Okay, here I start paying attention. I'm a little more confident about the site protecting my p/w, and a little more serious about keeping passwords unguessable. I memorized a list of ten pronounceable non-word three-letter strings (things like "feg" and "sha") and intersperse them with digits and capital letters. I select the letter strings based on the first, third and fourth letter of the site's name. The capital letters and digits tend to be more static, and their position never changes. So slashdot.org may be sha3bro2Wsha and etrade.com would be $feg3sha2Wbro (the "$" to remind me there's money involved).
- One for my personal computers. Okay, I use the same password for all root/admin accounts and the same password on all (my) mortal accounts. My wife uses whatever the hell she wants. The fact is, I run a loose little network at home because I don't want the hassle of memorizing a shit-ton of everything. Okay, the WPA key for the WiFi I generated by running the root password through MD5, but that's the only fancypants thing I do.
- Two for work. The network security gits think making passwords nigh-impossible to remember is a good thing, despite the fact it only ever results in sticky notes everywhere. Also, they expire every three months. Best of all, your new password must be dissimilar to the old one and you can't reuse any of your last five passwords. So I use two passwords that are mnemonic strings with a two-digit number in the middle I increment with each use. I alternate with every change, so first comes Icoymf1tln!, then !TchfmIta1tsf, then Icoymf2tln!, and so forth.
It all works out rather well, actually, and the contexts are sufficiently different that having multiple rulesets isn't too difficult. The nice thing about using simple variations on a common theme is that if I do have to write a password down (often for a few days after a change) I just have to write down the characters different from the base theme.And please, folks, you must make regular sweeps for intrusions, viruses and spyware, because no matter how strong your passwords are, if someone's installed a keystroke logger, you're screwed. If you think a password has been compromised, change it immediately, and not to another one within the scheme. Abandon the scheme. Password compromises are like mice -- if you see one, that usually means there are lots of them you don't see.
When I suspected my ex-fiancee's was cheating on me, I installed a key logger on computer. Caught her. When I confronted her with the e-mails she'd been exchanging with her lover, she eventually changed the password on that account -- to one she used everywhere else. That was six years ago and she still uses the same passwords everywhere. One day last year, out of curiousity and boredom I tried to log in to her Hotmail account. It worked. She's married now, to the guy she was cheating on me with. Now, though, she's cheating on him. Whore.
Cheers.
There is a new software on the market of which the source code is not really available anywhere therefor can not be cracked, I state , can not be cracked..no matter how much proding you do inside, you will not find any holes or leaks....as well, the more you use this software
the better at it you get, it is called BRAIN, which is really something that most people
should be able to use, but few do.
example... if Ineed a password for a website (sqlforums) and I know not to use the same passwords
over and over again, i can use a derivative, which means I use BRAIN to come up with a formulae that I use each time... hence the regular password (containing special characters AND numbers...) then
I add an abbreviation of the websites name...so hotmail could be hotml usually not too many characters as some websites actually have a maximum ( can you believe this???) to what a password should be ( 6 is the smallest I have come across!)
This works everytime, and also makes it easy to continue using the same password with derivative
without compromise...
However, now that you know my formulae(damn it!) I must change it, unfortunately my version of BRAIN is only 1.0, therefor, will take me some time to upgrade to the latest version
then, I will be able to reset the formulae....
Software products are certainly an option, but you could also consider a web based solution. Yes, I'm a tad biased being the co-founder of Clipperz...
Clipperz is an online password manager that can do much more than simply storing your passwords.
- ubiquitous access
- direct login to online services
- offline version
- bookmarklet for quick data entry
- nothing to install or backup
- free
- completely anonymous
Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded. The key for the encryption process is a passphrase known only to you. Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the zero-knowledge web apps. Applications where the provider is simply in charge of delivering the Ajax code to the user's browser and then storing user's data in an encrypted form on its servers. Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.
Detailed information about the crypto foundations are available here: http://www.clipperz.com/learn_more/crypto_foundati ons
Clipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES, SHA2, Fortuna, SRP, ...). Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.
More info about performing a security code review is available here: http://www.clipperz.com/learn_more/reviewing_the_c ode
You can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license. Download it here: http://code.google.com/p/clipperz
For any further information visit the discussion group http://groups.google.com/group/clipperz
Marco
Clipperz co-founder
Although its a fairly old release, I would suggest KeyRing (http://gnukeyring.sourceforge.net/) for the Palm. It has several conduits (Windows, Java, JPilot, etc.) to allow synching with your system. I have used it for years. One password, to get into the database, gets you into your password list. It has a random password generator (numbers letters up/lower case characters) - you could never accuse me of using dictionary breakable passwords. Actually after you have used a randomly generated password a few times it almost becomes automatic. I have given up on trying to remember more than about 2 passwords anyway. LW
I use the Mac's built-in Keychain. It encrypts the passwords all the while integrating nicely with the entire operating system and the vast majority of apps. One notable exception is Firefox, but I understand Mozilla is working on that.
Also, I have my home directory encrypted using File Vault which contains my keychain. My virtual memory is encrypted too.
Jason Wohlford
For me its easy, I just think of all the bureaucracy and bullshit where I work puts me through and somehow, as if by magic, an appropriate password always presents itself...
Becoming tired of remembering passwords, I wrote a little perl program to randomly generate a matrix like this:
:-) ).
a-E9 b-?p c-&m
d-6K e-aY f-eP
g-!S h-gn i-D=
j-Hd k-vw l-Cb
m-W5 n-4$ o-R3
p-x% q-7M r-NF
s-+2 t-s* u-Ay
v-fL w-zG x-Zu
y-cX z-Qr
I then print this, laminate it, and put it in my wallet (a backup copy somewhere isn't a bad idea either). Then, for every password I just remember a word (maybe "bank" for my bank for example) which gives me a password of: ?pE94$vw
Hard to guess, easy for me to "remember". If someone gets my paper (say I lose my wallet), it is still not simple to figure out what my passwords are, or even what the heck that little paper is. Shoulder surfing doesn't work too well either, unless you can memorize the whole card and then figure out which word I am using (it would be easier to try to watch me type the password on the keyboard then get it off the paper. Luckily I type fast and get annoyed when people stand over me while I type a password
I Am My Own Worst Enemy
So what your saying is that your passwords are like "Monica" and then "Monica!", then "!!Monica", then "Monica123" and "M0nica", "M0N1CA", "M_O_N_I_C_A"... ???
(*) humor, for the humor impaired
I have a lot of accounts in different places where it really would not matter if someone were to find out my password. All of those have the same password. Things that are actually important in any way can get their own passwords (well over three dozen for me), but right off of the bat, I've eliminated at least 50% of the passwords I need to remember.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
Then, if you want to generate a password for the site www.youtube.com, just type this on a Linux console: echo "slash454dot270 www.youtube.com" | md5sum for en.wikipedia.org: echo "slash454dot270 en.wikipedia.org" | md5sum for slashdot.org: echo "slash454dot270 slashdot.org" | md5sum
Well, I have tried anything (from PINs to Password Gorilla).
The winner is KeePass 1.x
- it's secure - AES and Twofish
- fast
- easy to use
- cross platform
- good import/export routines
I use the same database under my windows box (KeePass), under my various Linux boxes (KeePassX) and also my Mac laptop with OS X (actually, under ubuntu/ppc you can also download keepassx from the official repository!)
It's also possible to use the same database on PalmOS anc PocketPC.
http://keepass.info/
http://keepassx.sourceforge.net/
http://keepasssd.sourceforge.net/
about me A - B
Up until now, I've used leatherbound journals, keeping 3 copies in a safe. If I forget a password, I dig it out and look it up. But lately I've been thinking that it would be nice if I could have a Java app on a CD that I could carry around with me, and have all my passwords securely stowed in one place.
Since I've currently got to master Java DB (the embedded database) for a work-related project, I've been thinking about rolling my own password database. You would only copy it to your PC when you were altering it, i.e. updating a password or adding a new account. At all other times the whole project directory would be burned to CD-R. Maybe copied and hidden in a few locations, just to be on the safe side (like a safe, or a safety deposit box).
Here are my "requirements"; I think this project's going to be a lot of fun, and I'm looking forward to getting busy with it during my upcoming vacation:
1. The system will use public key encryption, with the public key stored in the database and the private key generated from a passphrase you would memorize. You would have to enter that phrase each time you wanted to use the software, of course.
2. Passwords would always be encrypted until just before they were about to be displayed to you. They would only be in an unencrypted state in memory, never on disk (although I'm worried about swap... What to do? Or do you even have to worry about this?).
3. You could store all the random things you need to know about the site as metadata along with your password.
4. It would have a nice GUI for working with it and be designed primarily for Linux, but being written in Java, would run basically anywhere. Note that one nice part of the project is that I would have to cook up a scheme for finding a temp directory for JavaDB on any system I was going to run on, like Linux, Windows, and Mac O/S. That's interesting, I think.
5. When fishing out a password, you'll be able to copy and paste it into a site's login dialog. Once you're done, the password is cleared off the screen and out of memory. An interesting idea is to somehow let you cut and paste it without ever actually SEEING it if you're not alone in your cubicle. More fun stuff to fool around with.
Should be fun, right? A nice little hobby project...
NO CARRIER