A common password method for protection of multiple accounts

This paper proposes a common password method for users who need to protect multiple accounts using passwords. It requires a user to remember only one password, called a common password, to access any of his/her accounts. Each account is protected by a different password, called a specific password. It is generated by a one-way hash function of an account-specific random number that is stored at the account server or a proxy in an encryption form, where the encryption key is derived from the common password. Compared with a convenient but insecure practice of using one or several passwords to protect multiple accounts, the common password method is convenient and secure. It assures that compromising one specific password does not reveal the common password and any other specific password. A Web-based implementation for the common password method is also presented in this paper. It employs a Web server to store every user´s account identifiers and encrypted random numbers, and to supply them to the user in a Web page that contains a password calculator written in JavaScript. The user can compute a specific password using a Web browser on his/her computer for any application that requires password authentication.