Probably unknown to just about everyone that knows me, I have an application out on the Android market called SimpleSafe which generates passwords according to input text. After about a six-month gap in development, I decided to dive back into it. Originally funded by Kickstarter, the app failed to gain popularity and ran out of initial funding ($100+ for domain+hosting).
To summarize the app, it was a unique password generator that took input from a user and translated it into a specific password. Think of it as a hash generator.
Why It Died
Well, mainly because I was not very talented at marketing and letting people know about this great app. I developed it for several different systems and it worked on all OSes via Adobe Air, which is why I am STILL a huge backer of Air (spiritually, not monetarily). Adobe Air allowed me to create a simple but powerful app that ran across a variety of platforms. I could use the same codebase coupled with PhoneGap to launch to Android (though I didn’t do that). So yes, it was available for Linux, Windows, OSX, via Web, and on Android as well (it was a native Android app), but I did not explain it or show it to people well enough for them to understand it.
Even to my friends I could not explain the advantages and when the app launched, everyone was all over 1Password and other tools which I find lack the simplicity and even security of my application. I also found that many have created similar apps that worked slightly differently. For example, there was an application that generated a password from an image. I thought it was a superior tool but I’ve been disillusioned by that.
So why did it die in one sentence?
Bad marketing and lacking UI
What it is (in more than one sentence)
SimpleSafe is a password generator that works on different principles than regular generators. Regular generators hash together a randomized password according to your specs, which include the following criteria:
- lowercase vs uppercase
- inclusion of numbers
- inclusion of symbols
For an average user, too many options. The problem with those generators was that they would create a password and abandon it. Either hashing it together by the time of day, salts, multiple hashing processes or what have you. An average user has to write the password down or use a tool such as 1Password.
SimpleSafe killed that entire flow. What SimpleSafe does is use hashing and salting to create a password. It uses techniques NOT SECURE for database saving, mind you, but that’s not our concern. What we want is passwords that fulfill all of a website’s criteria (lower vs upper, numbers, symbols), do so simply, and give you the same result no matter how many times you enter the password. Why is this safe for our use? Because that password will be secured by the site you use the pass for. It’s not meant to be uncrackable. It’s meant to be difficult once it’s properly hashed by the receiving database. It’s meant to be able to overcome easy dictionary attacks, numbers vs letter combinations, and more. So the application is not immune to hacking, but the password usage is.
So why use it? To remember a password, you need only three pieces of information:
- Input phrase (used for subsequent hashing)
- Button Color (for the hash and/or encryption technique)
- Password length
This not only simplifies the process of remembering a password but also encourages the usage of multiple passwords. I think a lot of people are guilty of having “2-3 main passwords”. This app helps you expand on that. And being cross-platform (soon to be coded to natively work on Linux), it’s easily accessible.
So, let’s review.
SimpleSafe is a persistent password generator that takes an input phrase and a hash method and outputs passwords of several lengths. Each generated password can be recreated by redoing the same steps of adding a phrase, choosing a method, and picking a length.
Sounds simple, and sounds probably useless yet…
Why am I rebooting it?
Main reason? I use this application daily. More than daily: I use it several times during the day to retrieve complicated secure passwords that I just can’t remember for the hell of me. I don’t want my browser to remember that password, nor 1Password either, especially since it’s not “immediately” portable. I hate saving passwords but I do so because I easily forget. What’s more, recent statistics have found something I’ve been guilty of: a pattern in secure password generation. Here’s how a regular user makes a “secure” password that requires capitals, symbols and numbers:
- take normal standard password, “hello”
- capitalize first letter “Hello”
- add a number at the end or replace letter with number “Hell0” (that’s a zero, not an “o”)
- add a symbol at the end (usually exclamation, period, or question mark) “Hell0!”
Easily crackable, very predictable and, according to statistics, very common.
SimpleSafe allows me to create a better password and, in case I forget it (likely to happen), access it almost immediately via my phrase. Here are the steps to creating a better password on SimpleSafe:
- take normal standard password, “hello”
- add usage “hello Facebook”
- red button
- 10 characters
- efef1a472b (this is an md5 hash used)
The steps are easy to remember, the password is easy to regenerate, the app is easy to access, and the password is secure. I don’t have a method yet that adds capitals and/or symbols but I will have it once the app is in production again.
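The derivation described above, as an added sketch that is not SimpleSafe's own code: `derive_md5_hex` follows the post's description (MD5 of the phrase, truncated hex), with any salt the real app applies left out because the post does not publish it. `derive_kdf_b64` goes beyond the post and is an assumed variant using a slow KDF and base-64 output; all function names here are hypothetical.

```python
import base64
import hashlib
import math
import string

def derive_md5_hex(phrase: str, length: int) -> str:
    """Scheme as the post describes it: MD5 the phrase, keep the first
    `length` hex characters. Any salt the real app adds is not published."""
    return hashlib.md5(phrase.encode("utf-8")).hexdigest()[:length]

def derive_kdf_b64(phrase: str, site: str, length: int,
                   iterations: int = 200_000) -> str:
    """Assumed variant: PBKDF2-HMAC-SHA256 salted with the site name, then
    base-64 so the output mixes upper case, lower case and digits."""
    raw = hashlib.pbkdf2_hmac("sha256", phrase.encode("utf-8"),
                              site.lower().encode("utf-8"), iterations, dklen=32)
    return base64.b64encode(raw).decode("ascii")[:length]

def max_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on output entropy; the real figure is capped by how
    guessable the input phrase is."""
    return length * math.log2(alphabet_size)

def policy_gaps(password: str) -> list[str]:
    """Character classes a typical site policy requires but the password lacks."""
    checks = {
        "lower": string.ascii_lowercase,
        "upper": string.ascii_uppercase,
        "digit": string.digits,
        "symbol": string.punctuation,
    }
    return [name for name, chars in checks.items()
            if not any(c in chars for c in password)]

if __name__ == "__main__":
    # Constructed inputs taken from the post's own walkthrough.
    weak = derive_md5_hex("hello Facebook", 10)
    strong = derive_kdf_b64("hello", "Facebook", 10)
    for label, pw, alphabet in (("md5/hex", weak, 16), ("pbkdf2/b64", strong, 64)):
        print(label, pw, f"<= {max_bits(len(pw), alphabet):.0f} bits",
              "missing:", policy_gaps(pw))
```

Ten hex characters can never carry more than 40 bits and never contain an upper-case letter or symbol, so a site that enforces those classes will reject them. The `policy_gaps` check also shows that “Hell0!” passes every class requirement, so such a policy does not screen out the predictable pattern.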
What’s going to change
Better UI for sure. The stuff it uses right now is crap. The cool thing about the app is that the code is almost dead simple and can be recreated anywhere, so I’ll probably have a ton of ports for it. Here are some mods I’ll be implementing:
- 64 base hash to add random capitals
- simple symbols hash
- MUCH better UI
- docs for customization of the open sourced version
- better native apps (no Air use)
Look forward to it!