I hate having to remember passwords, especially if they are complex/secure and I'm sure others feel the same way.<p>So I had an idea, what if instead of having to remember a long, secure password, I just need to remember where to find it? As an example, I could use a permalink of a YouTube video as my password, this way I don't need to remember what to type in, just where that video is located and copy paste the URL whenever I need to log in.<p>Sure, such an approach has drawbacks such as how to make sure the video/url doesn't disappear, but otherwise I don't see how an approach like this can't be viable.<p>But I'm not an expert so can anyone tell me if this is a good idea or a bad one?<p>Thank you!
Hopefully I'm not derailing the discussion too much but, while on the subject of alternatives to passwords, I've long wondered why ssh public/private key pairs are not used for logging into websites?<p>I use ssh with public/private keys to log in to various servers I host websites on, to connect to git repos, as well as to connect to 'things' on my local network, such as Raspberry Pis, etc. It's about as painless as you can get and is very secure. So why is this method not used more widely on the web in general?<p>I realise that currently it's not very user-friendly to create and upload ssh keys, as we have to do it from the command line. But I wouldn't have thought it beyond the wit of software developers to put an idiot-proof GUI on top of the procedure. Then, whenever we need to create a login for somewhere, we'd just upload our public key and we'd have passwordless login.<p>It seems so obvious, there must be a practical reason it isn't done. So, what is it?
Let's start with something similar: instead of YouTube URLs (which may change), you turn the domain name into a number. That number is a page of a specific translation of the Bible, and you pick the first verse. Same idea, but the format won't change.<p>Will this work for you? Yes. Will it scale? No. Here's why:<p>Once I know the system, I can easily use it to impersonate you. You could add a secret, in which case all I have to do is run all verses, one by one, until I find the correct one. You could add requirements for a "safe" secret, in which case we just re-invented passwords. Keeping the book secret won't work either, because if I know your scheme I just have to observe which books you check more often.<p>There's also the issue of password reuse, with many people using the same password. Running the scheme with the top most popular books is likely to work well.<p>At the end of the day, if you keep the whole scheme in your head then you'll be fine, and you'll have a reasonably safe password. But a system that gets more insecure the more people know about it is unfortunately not a good scheme.
It's an interesting approach. I can see it being useful if you need to log in from somewhere new and you don't have any of your gear with you, but relying on an external site to not change their links is dodgy.<p>You could put a page on your website with a key like mysite.com/mypasswords.php?key=1234 but that's not really that secure either. I agree with the others, you're better off just sticking with long random passwords and a password manager.
Facebook does some jazz for my friends where they can log in by selecting a few faces. So that's kind of similar.<p>I'm with imaginenore on this one, just use long randomly generated passwords.