Abstract
The current behaviours that users have towards their online passwords and online accounts are not sufficient as it leaves them vulnerable to attacks from threat actors. Typically, passwords that users create are predictable and threat actors are able to take advantage of this in-order to successfully guess user’s passwords. Even if users purposely create passwords which they believe are unpredictable, threat actors can still use other methods to compromise organisations databases, reverse hashes and uncover the user’s password. This poses a very serious threat to cyber security as online services find it hard to distinguish malicious login attempts to legitimate ones when valid credentials are used. Within this project, this issue is tackled in-order to understand why this might be and how it can prevented with the development of a new tool which users can use to strengthen their online passwords and create strong passwords which even in the event of a data breach keeps them safe.
Home Page
This page lets users generate passwords with hash values cannot be reversed back to plaintext values using rainbow tables.
Features
• Only generates passwords which hash value cannot be reversed using online rainbow tables.
• Generate passwords from 8 – 128 characters with slider
• Generate password with lowercase, uppercase, symbol and number characters
• Specify the minimum number of characters per character type
• Password strength meter that shows password from Strong, Medium, Bad and Very Bad
• Recommended settings button which inputs strong password properties automatically
• Statement to store passwords within a password manager with recommended free and paid password managers mentioned
• A password report is generated which shows information about the generated password
o The plaintext value
o The password strength
o The password in hash values (SHA256, MD5, SHA, SHA224, SHA384, SHA512, BLAKE2B, BLAKE2S, SHA_224, SHA3_256, SHA_384. SHA_512)
o The individual characters within the password (lowercase, uppercase, symbols and numbers)
o The password character layout in numbered order
• A copy button to copy the generated password to clipboard
• A description of the tool and how it keeps the user safe is displayed
• A grid layout of features of the tool is displayed.
• An option for users to print or save to a text file the generated passwords with or without a label it to make it easier for them to remember which service the password was generated for.
• An alert is presented to the user if valid options are not selected.
Check Page
This page lets users check their existing passwords cannot be reversed back to plaintext values using rainbow tables.
Features
• All that is needed to be entered by a user is the plaintext of their password, the system does the hashing in the backend itself.
• If a user’s password can be converted from a hash value to plaintext using an online rainbow table, the user is shown a notification in red text which alerts them the password is not safe to use and recommends them to replace the password with a generated password.
• If a user’s password cannot be converted from a hash value to plaintext using an online rainbow table, the user is shown a notification in green which alerts them the password is safe to use.
• A password report is generated which shows information about the user’s password
o The plaintext value
o The password strength
o The password in hash values
SHA256, MD5, SHA, SHA224, SHA384, SHA512, BLAKE2B, BLAKE2S, SHA_224, SHA3_256, SHA_384. SHA_512
o The individual characters within the password (lowercase, uppercase, symbols and numbers)
o The password character layout in numbered order
• A description of the tool is displayed.
• An alert is presented to the user if a password is not entered.
About Page
This page gives users information about this tool.
Features
• Name of creation, organisation, and motivation for creation of the tool is displayed.
• Basic features of the tool are displayed.
Contact
This page lets users contact to provide feedback, report problems or for general queries about the tool.
Features
- Button which automatically opens an email compose window with the contact email address prefilled.
