Almost all modern computer networks and web applications have a user password to access encrypted personal and sensitive data. Many times, the password themselves are encrypted. The reason for encryption of passwords is that the password itself is sensitive personal data. Passwords are the key to a user's privacy, so they are personal, sensitive and not even the web application or network host should know them. If the password to a web application or database is compromised, then all the data is compromised as well. There are many methods used to create and store complex passwords for users, but even those methods are not infallible if the password is not strong enough, as a brute force attack (iteratively trying every possible value) or a dictionary attack (trying a subset of preferred values) can still reveal the password. Some of these tools to carry out these attacks are even available on the Internet, for example the John the Ripper password cracker.
Users with weak passwords are often victims of hackers and spammers who exploit security holes in computer systems. For example, a hacker can crack a weak password on an email account and the hacker uses the account to circulate spam or even commit identify theft. A weak password also opens computer networks to worms, trojans, spyware and other forms of malware used to infect the computers of people visiting the site. As such, it is generally recommended that a strong password is at least six to eight characters in length and should contain a mixture of numbers, letters (both uppercase and lowercase), and symbols. However, these passwords are often difficult to remember. Putting the password on a sticky note next to the computer monitor represents a security risk as does keeping a Word document, notepad file, or excel spreadsheet that contains all sites and passwords. Often times, users will use the same password for multiple sites. If one site is breached, such as email, then often another site can be breached, such as one used for banking.
It is possible to encrypt a “master” document containing these strong passwords, but if that master file is lost, corrupted, deleted, stolen, destroyed, breached or the user forgets the master password, the data can be forever lost. While there are password repository websites and Internet browsers that save passwords, these can also be breached and their databases revealed or hacked and shared. Further, these sites require a user to create a login credentials to an account that saves their passwords in a database for future retrieval, thereby keeping records of the user, their input and the passwords generated. Thus, there is a need for an invention that eliminates the need for any 3rd party record of passwords as well as saved hardcopies or digital files, which can be lost, stolen or destroyed. Further, there is a need for an invention that can create passwords that are difficult to hack or guess by allowing the user to input secret information that is easily remembered, such as a secret phrase and pin number.