UsableLogin lets you use one password for all sites

SAN DIEGO--The password problem may finally be solved!

Usable Security Systems announced here at DemoFall on Monday a new service that will let people use one password on any site on the Web.

Basically, you will only have to remember one codeword for all the sites you log into, once the UsableLogin service launches in early 2009, says Rachna Dhamija, CEO and founder of Usable Security Systems.

The authentication service strengthens the codeword you choose by cryptographically combining it with additional random bits of data. The additional data is different for each site accessed and is dispersed on your PC and on Usable Security servers. That renders the codeword impossible for anyone else to guess but easy for you to remember.

Usable Security doesn't store or save the codeword, and it isn't displayed to Web sites.

The service allows you to view log-in activity across all your accounts through one dashboard. You can personalize your log-in with images you supply or pick from options so that you are assured that you are at the legitimate log-in. The service can be configured so that you can use it on different computers, such as at home and at work, but still remember only the on codeword.

Consumers will be able to download a browser extension that displays a UsableLogin box for free. It works with any site that accepts passwords and works with any operating system or browser.

Web sites will be able to offer the authentication service to their customers, for a fee that has yet to be determined, Dhamija says. The sites will be able to insert a snippet of JavaScript on their sites so the log-in box will be displayed.

In the future, the service will allow browsers to automatically remember the codeword for each session, she says.

On average users have about 25 accounts and users log in about eight times a day, she said in her demo.

Updates with announcement taking place.

[skswave]

this exists in all dell comercial machines as the Personal Infomation Manager as part of Embassy trust Suite and uses the Trusted platform module to hold the authentication credential for each website. The user has the option of creating a password or using a randomly generated password by the TPM in any case the user then supplies a common password to the TPM with then releases the password to the web site. The use of the TPM ensures that if a machine is borrowed or lost that the access credentials are not stolen. Leverage the access control hardware that is on millions of PCs and we will make the authentication problem go away. The goal is to move all of the websites to support strong authentication with 200+million TPMs shipped the case to addopt is getting stronger every day. Floppys went away parrallel ports went away, now passwords can go away.

Steven Sprague
Wave systems Corp.

[Harlan879]

Check out PwdHash from Stanford University. Completely free and does essentially the same thing. http://www.pwdhash.com/

[Michichael]

@ Skswave

Except the Embassy suite is a piece of Bloatware that nobody in our company uses and is usually immediately removed from any incoming computers along with other bloatware such as Dell's SearchAssist and DesktopWeather. It consumes too much memory, is overcomplicated for the user, and is easily bypassed with any encryption cracking tool that can pull the key from RAM.

Care for take two?

[mde10]

actually I don't think you can pull the key from the RAM like a software attack, I have heard of altering the program from the RAM after it has been measured and approved by the TPM

[ahpull]

There are many sites like this online aren't there? I use www.mashedlife.com and from what I've read, this just lets you log in to your sites using one password. At Mashed Life, I just log in and my passwords are already memorized by the site. Then I just click the site I want to go to and it logs me in.

Does this site do anything different?