
Floating password

I think that for some readers the content of this article will not be a discovery, but at least I did not find on the Internet a description of such a mechanism for accessing resources through a login/password pair.

The goal is to create a simple and reliable user identification system using a constantly changing password.

One of the main conditions for unambiguously confirming a user's identity or authority in the system is a high-quality password, which must have the following characteristics:
  1. high complexity;
  2. periodic change;
  3. storage reliability.

All these requirements can be met by applying the scheme described below.

Example 1. Password generation on the user side with a frequency of 1 year:


2014 - current password: 12 @ i4Wednesday
2015 - current password: 12 @ i4Thursday
2016 - current password: 12 @ i4Friday

Where:

Generation on the server side occurs by an identical algorithm.
The algorithm and the frequency of password changes are configured by the user, or by the administrator, through the "designer". The combination of "basic" and "floating" parts of a password can have arbitrary complexity and consistency.
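Example 1 as code, with the user-side generation and the matching server-side check; this is an added example, not part of the original article. The rule for the floating part (weekday name of 1 January of the current year) is an assumption inferred from the three sample passwords, and the function names and the `grace_days` parameter are hypothetical.

```python
import hmac
from datetime import date, timedelta

WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday"]

BASE = "12 @ i4"  # "basic" part, exactly as printed in Example 1


def floating_part(day: date) -> str:
    # Assumed rule: weekday name of 1 January of the current year.
    # It reproduces Wednesday/Thursday/Friday for 2014/2015/2016.
    # The input is public data, so all secrecy rests on the base part.
    return WEEKDAYS[date(day.year, 1, 1).weekday()]


def current_password(day: date, base: str = BASE) -> str:
    return base + floating_part(day)


def verify(candidate: str, today: date, base: str = BASE,
           grace_days: int = 0) -> bool:
    """Server-side check using the same algorithm as the user.

    grace_days (hypothetical) keeps the previous period's password valid
    for a short time after the rollover, for users who have not yet
    recomputed it.
    """
    accepted = {current_password(today, base)}
    if grace_days > 0:
        accepted.add(current_password(today - timedelta(days=grace_days), base))
    ok = False
    for expected in accepted:
        # Constant-time comparison of each accepted value.
        ok |= hmac.compare_digest(candidate.encode(), expected.encode())
    return ok


if __name__ == "__main__":
    for year in (2014, 2015, 2016):
        print(year, current_password(date(year, 6, 1)))
    print(verify("12 @ i4Wednesday", date(2015, 1, 2)))                # False
    print(verify("12 @ i4Wednesday", date(2015, 1, 2), grace_days=7))  # True
```

Because the server in this example regenerates the password from the base part and the rule, it has to keep the base part in a recoverable form.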

Example 2. Password generation at intervals of 1 day (let's complicate the algorithm):


Date: 04/12/14 - current password: 12 @ i4Wednesday335704
Date: 04/13/14 - current password: 12 @ i4Thursday334152
Date: 04/14/14 - current password: 12 @ i4Friday334152

Where:

The “floating” part can be tied to almost any source of periodically changing, structured data, up to and including the first word of the headline of the top article on a news service.

Possible development of a floating password system:

The advantages of a "floating" password:
  1. relative ease of implementation;
  2. the user is not obliged to remember the password; it is enough to know the mechanism for its generation;
  3. guaranteed periodic shift;
  4. medium / high reliability.

Additional restrictions:
  1. the need to implement an additional service on the server side;
  2. it may be necessary to create a source of summary information for generating a password (page / site / service) that helps the user generate the password on their own rather than search for the data all over the Internet. For example: a home page that displays the weather in various cities, exchange rates, a calendar, box office totals for movies, etc.

Potential risks:
  1. a complicated user interface for the "designer" that creates a floating password on the server side;
  2. additional computational load on the server.

Source: https://habr.com/ru/post/225097/

