Stop remembering passwords

Every day we hear about hackers stealing passwords and accounts. Just one week ago 1.2 billion passwords were stolen, and The Fappening hacker showed the contents of the phones of Jennifer Lawrence, Selena Gomez, and many others. Nevertheless, we somehow continue to trust passwords, which are insecure and which we often forget, and then we complain when someone hacks our e-mail or Facebook account. Ask yourself:

  • What can happen, and how much time will you waste, with a stolen Facebook account?
  • Are you using the same password everywhere? If so, do you know how dangerous it is?

In this article, I will present one of the most secure methods to overcome the old password fashion.

_Video: [The Fappening](http://en.wikipedia.org/wiki/2014_celebrity_pictures_hack) - Reddit reacting to Jennifer Lawrence nudes_

Why is the same password method so insecure?

Reusing passwords for email, banking, and social media accounts can lead to identity theft. Imagine an attacker who steals your Twitter account password. What happens if it is different from all the others? Now imagine the contrary.

(Extra: is your password secure? This method only checks the length of the password, comparing it with a normal PC attack. It is simplistic.)

What’s the solution?

My solution is to use Mitro, a project that allows you to generate, store and use different passwords on the websites you normally use. Let me explain: say you want to create a Facebook account. You go to the registration page, and Mitro generates a random password for you that is very hard to guess. This password is stored in Mitro, and the next time you log in to Facebook, it fills in the login form for you. You don’t even need to know your own password!! The password Mitro generates is truly random: it does not depend on any personal information or existing word.
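The reuse risk from the previous section and the per-site random passwords described above, as an added example (not Mitro's code and not from the original article). The alphabet, the 20-character length, the character-class rule and the sample vaults are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Assumed alphabet; the page does not show Mitro's own generator settings.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def generate_password(length=20, alphabet=ALPHABET):
    """Draw every character from the OS CSPRNG; redraw until the result has a
    lowercase letter, an uppercase letter and a digit (common form rules)."""
    classes = (str.islower, str.isupper, str.isdigit)
    if length < len(classes):
        raise ValueError("length too short to hold every required class")
    if not all(any(check(c) for c in alphabet) for check in classes):
        raise ValueError("alphabet lacks a required character class")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(check(c) for c in pw) for check in classes):
            return pw

def entropy_bits(length, alphabet=ALPHABET):
    """Upper bound, in bits, on the guessing work for a uniformly random
    password. It says nothing about a human-chosen one of the same length."""
    return length * math.log2(len(set(alphabet)))

def exposed_by_breach(vault, breached_site):
    """Other sites that share the password stolen from breached_site."""
    stolen = vault[breached_site]
    return sorted(site for site, pw in vault.items()
                  if site != breached_site and pw == stolen)

# Constructed sample vaults, not real credentials.
REUSED_VAULT = {"twitter": "Summer2014!", "email": "Summer2014!",
                "bank": "Summer2014!", "forum": "hunter2"}
UNIQUE_VAULT = {site: generate_password() for site in REUSED_VAULT}

if __name__ == "__main__":
    print("reused vault, Twitter breached:", exposed_by_breach(REUSED_VAULT, "twitter"))
    print("unique vault, Twitter breached:", exposed_by_breach(UNIQUE_VAULT, "twitter"))
    print("bits per generated password: %.1f" % entropy_bits(20))
```

With the reused vault, one stolen Twitter password also opens the email and bank accounts; with one generated password per site, the same breach exposes nothing else.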

Mitro screenshot

I never trusted password managers: what if someone hacks or finds the list of my passwords? It’s a single point of failure, right? With Mitro, this is theoretically not possible. As their Security FAQ says: “Mitro is designed so that only you, and the people you share with, have access to your secrets. Your passwords never leave your computer without being encrypted, so no one, not even Mitro, has access to them”. Great!!

From the moment I gave Mitro a try, I deleted all the cookies and changed all the passwords of the websites I normally use. Mitro saved me!

Let’s try!! First of all, I will change the password of Facebook, just to show you how the system works. I generate the password with Mitro, and I copy-paste it into the Facebook form. It’s a strong password!

At this point I log in. In my case, I had a different password saved in Mitro so I will memorize the new one.

Facebook login

Now, when you need to log in to the website again, Mitro will take care of the rest.

Mitro Facebook login

So you will not care about remembering passwords anymore, and your internet life will gain a new type of security. Don’t you trust me? Try it on one website! Try to change a password and use Mitro from that moment, please! After this, share your thoughts with me, please. I’m curious/interested :)

Mitro was recently bought by Twitter. The extensions are for Chrome, Safari, and Firefox. There is also an iOS app.

Why Mitro and not the others?

There are many other similar solutions, like LastPass, so why did I choose Mitro? Especially after the NSA revelations, I seriously reconsidered Open Source in the security field. Open source allows people to read the code and understand whether a company uses your information differently, and it also helps with getting more eyes on the code. The recent Heartbleed bug proved it: a super small modification in the code allowed a serious security bug which affected 90% of the websites on the Internet, including Facebook. If OpenSSL weren’t Open Source, the Heartbleed bug would probably never have been discovered.

Mitro is Open Source: everyone can review or contribute to the code in this GitHub project. I personally do it.

Mitro even allows you to run your own server, if you don’t trust the Mitro servers!

Is it the future?

Yes and no. Mitro attacks the problem on the “password side”: it allows you to keep using websites in the old way, storing your passwords and increasing the security. The future will probably be about using different types of access methods, like OAuth or Mozilla Persona, or about considering passwords obsolete. All these methods depend on the websites we use, so we can’t do anything but wait.

We just need to wait, using Mitro meanwhile.

Please, give it a try and share your thoughts :)

Marco De Nadai
Research Scientist

My research interests include distributed robotics, mobile computing and programmable matter.