How to securely log in to a web service through a compromised device?

So:

Pass
P with a shift of 6 in the first article turns into Z.
Z with a shift of 6 in the second article turns into A.

pAss
A with a shift of 1 in the first article turns into K.
K with a shift of 1 in the second article becomes T.

paSs
S with a shift of 1 in the first article becomes T.
T with a shift of 1 in the second article turns into X.

pasS
S with a shift of 3 in the first article becomes R.
R with a shift of 3 in the second article becomes E.

We do this with each letter and get: ATHE (in Latin).

Our authorization server does the same, and if the encryption matches, it lets us in.

To prevent our password from being reused a second after we enter it, we turn it into an OTP and cross it off the list. To log in again, we take the most relevant article from those that we have not yet used. I think that, given how often the articles are updated, we will remember the articles that we have already used.
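The walkthrough and the server-side check above, sketched as an added example (not the author's code). It assumes that "shift in the article" means: find the letter's first occurrence among the article's letters and step forward by the PIN digit. The password `pass` and the shifts 6, 1, 1, 3 come from the walkthrough; the PIN string `6113`, the article IDs and the headlines are constructed, so the output differs from ATHE.

```python
import hmac

def shift_in_text(letter, shift, text):
    """Assumed rule: find the letter's first occurrence among the article's
    letters (case-insensitive, punctuation ignored), step `shift` letters on."""
    letters = [c for c in text.lower() if c.isalpha()]
    if letter.lower() not in letters:
        raise ValueError(f"{letter!r} does not occur in the article")
    pos = letters.index(letter.lower())
    return letters[(pos + shift) % len(letters)]  # wrap at the end of the text

def derive_code(password, pin, articles):
    """Pass each password letter through every article in order, always
    shifting by the PIN digit at that letter's position."""
    if len(pin) != len(password) or not pin.isdigit():
        raise ValueError("PIN needs one digit per password letter")
    out = []
    for letter, digit in zip(password, pin):
        for text in articles:
            letter = shift_in_text(letter, int(digit), text)
        out.append(letter)
    return "".join(out)

class Verifier:
    """Server side: recompute the code, compare, cross used articles off."""
    def __init__(self, password, pin, articles):
        self.password, self.pin = password, pin
        self.articles = dict(articles)   # article id -> text
        self.used = set()

    def verify(self, article_ids, code):
        if any(a in self.used or a not in self.articles for a in article_ids):
            return False                 # replayed or unknown article
        try:
            expected = derive_code(self.password, self.pin,
                                   [self.articles[a] for a in article_ids])
        except ValueError:
            return False
        ok = hmac.compare_digest(expected.encode(), code.lower().encode())
        if ok:
            self.used.update(article_ids)  # one-time: never accept these again
        return ok

# Constructed sample headlines, not taken from any real portal.
ARTICLES = {
    "a1": "Parliament votes on stricter data rules",
    "a2": "Storm warnings issued for most coastal regions",
}
```

A second `verify` call with the same article IDs is rejected even when the code is correct, which is the "cross it off the list" step.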

And after all this, there is still huge potential for creativity in improving the algorithm, for example:

  • time of publication of the article mixed with a pin code as a key

  • rotation of different news portals

  • taking into account punctuation marks

  • personalized transformation of Cyrillic into Latin (for example, the letter “Ю” can be turned into “yu”, or into “u”, or into “1-0”, as you think of)

  • use TOTP with long time interval instead of PIN

Conclusion

I suppose something like this could help with authentication on a compromised device, but I also suspect that using it would be about as inappropriate as wearing a tinfoil hat. Still, I found the idea of this algorithm amusing and worth posting.
