Passwords obviously are important and most people know by this time how to pick a good one. For many people, the problem is not so much that their password is weak and too easy to guess or steal (though this is still a common problem.) The problem is that they use their same strong password over and over again -- meaning if it is compromised at any one of the sites where they use it, it can be misused at another one. mushpup can help you pick a strong, secure, convenient password. More importantly, however, it can make your strong password stronger.


A Password Strategy

Governments and organizations use different classifications to categorize their information. For instance, the US Government uses three basic levels:


This is a good model to follow in protecting your own private information. However, you can probably get away with just two levels:


Really Secret would apply to those situations in which the discovery of your password could lead to major financial loss, inconvenience, or embarassment and involve things like your Social Security Number, credit card number, primary email address. Secret would be for the rest -- stuff you would prefer to keep secret or restrict access to but wouldn't be a major crisis if breached.

Mushpup is not meant for Really, Really Secret situations. But it is ideal for the rest.


Your Low Security Password Is Your Mushpup Secret Word

The first thing to do is to create a different password for each of your privacy levels. Some of the sites listed here can help you come up with strong ones. Try to avoid as much as possible writing these passwords down. Commit them to memory and never share them with anyone.

Do you have your two passwords? This is where Mushpup comes in. Your Low Security Password is also your Mushpup Secret Word. With it, you can create an almost infinite number of distinct working passwords while only having to remember your one Mushpup Secret Word. How does it work?


Mushpup on the Internet

Mushpup is really meant for the internet where you probably need passwords the most. It is not recommended for really important sites, like your bank or primary webmail websites, though with a well thought-out password strategy, it can be used to make access to critical sites more secure. For less critical sites, however, like a wiki login or a secondary email address, mushpup is perfect.

Whenever you have to register for a non-critical website, just open up the mushpup page, put the site domain and your Mushpup Secret Word in the form and get your new password. Then use this as your password on that site.

Why not just use your Mushpup Secret Word itself as your password? Well, again, if someone gains access to your password through the negligence or malice of that particular website, they won't thereby have access to any other sites. The real beauty of mushpup is not that it makes your password on that particular site safer, it makes your password for every other site you go to safer.

But what makes it really cool is that it provides a convenient, secure way to obtain your password from anywhere on the internet. Just drop by mushpup.org, put the same information (site and mushpup secret word) back in the form, and there your password is. No need to memorize it. No need to write it down. And it's even immune to keyloggers.


Additional Information

Wikipedia: Password
Security Engineering by Ross Anderson, Chapter 3: Passwords
feature box: mushpup.org
Valid XHTML 1.0 TransitionalValid CSSWikkaWiki