C'YaPass: Forget All Your Passwords

Never Memorize A Password Again
Never Type A Password Again
Never Make Up A Password Again

Top Security Experts: Your Passwords Are Weak

Here's a compilation of top security experts explaining why your passwords are weak, how easily they can be cracked and how quickly your accounts will be compromised.

Ars Technica Contest: Winner Cracks 90%

Ars Technica set up a contest to hack passwords.  The winner was able to crack 90% of them and the hacker who won second place was able to get 62% of them (out of a total of 16,000 passwords).  Read all the details of how they did it at: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/^

XKCD : CorrectHorseBatteryStaple Is Weak

Many people know about the XKCD method popularized by the comic : http://xkcd.com/936/^

Maybe you think these long passwords are uncrackable.   They're not any more.  

Don't Base Passwords On Any Natural Language Words

Your password has to be more random, because computing power allows huge dictionaries to be tried in all manner of combination and are able to crack passwords based upon words.

C'YaPass Generates Random Hashes With No Words

C'YaPass passwords are only letters and numbers and contain no words.  They are simply the SHA256 hash which is cryptographically strong -- you can't just try to guess them with brute force methods.  Brute force methods would take more time than there has been since the beginning of time.

Bruce Schneier, Top Security Professional, Explains How Passwords Are Cracked


He even created a method that insures you don't use any natural language words since the crackers are adding commonly found phrases to their dictionaries.  
Under his method for creating strong passwords you
  1. Choose a passphrase (sentence you'll remember)
  2. Convert it into a password by choosing first letter of each word
  3. Alter some chars with uppercase
  4. maybe add in a special character here and there
His example looks like:
"This little piggy went to market" might become "tlpWENT2m"

Overwhelming : Creating One of Those For Every Site

I think creating one of those for every site is extremely overwhelming though.  Passwords debt is a huge technical problem.  

This video is really funny because we've all been through these things with passwords.


Every Site Has Suggestions For Creating Passwords

Kim Komando : Radio Technology Expert

Here are Kim's suggestions for creating strong passwords:

Basically, the same advice that Bruce Schneier gives.

Microsoft: How To Create A Strong Password

Microsoft chimes in on what to do:
One of the five rules they provide is:
"Doesn't contain a complete word."

PNC Bank Provides Customers With Ideas For Strong Passwords


The PNC site refers to one of the online password generators which you can use to generate your password.

Strong Password Generator


Here are some sample passwords that the generator will create for you:
  • ecNt/KsDaSUXo9J
  • bzeP6cc[k_9pnJk
  • ^>/7P-k{(A 1@;o
But, how are you going to remember those?
You'll probably have to save them in a text file or write them down somewhere.

Also, you could create passwords like that by simple mashing on your keyboard so I'm not sure how much added value this provides.
Even the GeekSquad gets in on describing how to create strong passwords.

GeekSquad (BestBuy) : Creating Strong Passwords


All of this is absolutely overwhelming and 95% of people who are online are never going to examine how to create a strong password.

Contradictory Information

There's also a lot of information that contradicts each other out there.  For example, this lifehacks article says that password generators re-use passwords and you should probably stay away from them.

You Must Create Strong Passwords

Whatever method you choose, you must create stronger passwords.
Obviously I believe the best way is to get C'YaPass for free and start drawing your passwords.  

With C'YaPass you'll:


  • never memorize a password again
  • never type a password again
  • never make up a password again

It's Free: Try It Now

Browser Version Is HTML5 Canvas

The browser version does not require installation of anything.  It does not use Flash.  It runs in your browser via HTML5 Canvas.
Try it in your browser, right now.  Just click this link and it'll open in a new tab/window: http://cyapass.com/page/CYaPass-Web-App^

Try the Browser Version, Get the App Free

Once you try it in your browser and see how easy it is you'll want to get the Android, iOS and Windows versions for free.  
Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

Users Don't Want Apps, They Want Magic

Security is boring.  Absolutely mind numbing.  Passwords are the most boring of all.  

No one wants to think about creating and managing passwords.  Users want apps to magically solve their problems.

Automatic Grocery List?

Wouldn't an automatic grocery list be cool?  Some app where every time you need ketchup or a jar of pickles and you don't want to forget you simply just say the item and it's added to a list. That would be great.  I have Google Home and it will help you do that.  That's almost magic.

Users don't want a solution, they just want some magic.  Wave a magic wand and make things easy.

Passwords : The Price We Have To Pay

The problem is that passwords are a part of the price we have pay to use the Internet.  Maybe someday the major companies will group together to destroy all passwords.  Maybe.  For now we have to deal with passwords.  That means you need to make a plan and actively manage them.  

Once You're Hacked, Everything Changes

If you get hacked, there will be no magic.  No hero on a white horse will come riding out of the sunrise to fix all your accounts.  And, the bank may even decide not to refund your stolen money.

That's what happened to Kristina Markula of San Francisco when hackers made Cardless ATM withdrawals against her Chase account.  Read all about it at : https://krebsonsecurity.com/2017/01/stolen-passwords-fuel-cardless-atm-fraud/^

C'YaPass Generates Strong Passwords

This is why I think you should try C'YaPass as soon as possible. This is why I make it available free for your use.  

C'YaPass Magic

I've tried to make it magic by allowing you to draw your password.  That's right you can draw your password so that you: 

  1. never have to memorize a password again.
  2. never have to type a password again.
  3. never have to make up a password again.
That's almost like magic.  

Try It For One Account, Then More

At least try it from the web for one of your accounts and see that it creates extremely long and strong passwords and then you can try it for more accounts as you like.

It's easy to try and free to use.  An ounce of prevention is worth tons of cure in the case of security.

Browser Version Is HTML5 Canvas

The browser version does not require installation of anything.  It does not use Flash.  It runs in your browser via HTML5 Canvas.
Try it in your browser, right now.  Just click this link and it'll open in a new tab/window: http://cyapass.com/page/CYaPass-Web-App^

Try the Browser Version, Get the App Free

Once you try it in your browser and see how easy it is you'll want to get the Android, iOS and Windows versions for free.  
Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

Note: Hat and wand image from https://openclipart.org/detail/132133/magic-hat-and-wand^

Passwords Are Everywhere, But So Is C'YaPass

Passwords are everywhere. We are drowning in passwords. You have too many of them to realistically and easily manage.   That's one of the main reasons people create weak passwords.  There are just too many.

C'YaPass Is Everywhere

That's why I've developed C'YaPass for use on every platform (Android, iOS, Windows and now you can even run it right in your browser from cyapass.com).

Make 2017 the year you stop creating and memorizing passwords and let C'YaPass do it for you.

Try it in your browser, right now.  Just click this link and it'll open in a new tab/window: http://cyapass.com/page/CYaPass-Web-App^

Browser Version Works In All Six Major Browsers

C'YaPass works in Microsoft Internet Explorer & Edge, Google Chrome, Mozilla Firefox, Apple Safari, Opera Software Opera.
There are no more excuses for not using strong passwords.  Try out the software in your browser right now, here at this web site.

Try It and Help Yourself Have Stronger Passwords

I hope you'll try it and help yourself with all your password management.
Remember, C'YaPass never transmits your passwords nor stores them anywhere.  It simply generates a strong password for your use.

Browser Version Is HTML5 Canvas

The browser version does not require installation of anything.  It does not use Flash.  It runs in your browser via HTML5 Canvas.

Try the Browser Version, Get the App Free

Once you try it in your browser and see how easy it is you'll want to get the Android, iOS and Windows versions for free.  
Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

Note: Image is from openclipart.org. See more details at: https://openclipart.org/detail/225506/Drowning-colored

Hey, Passwords, Leave Those Kids Alone (Gen Z aka Post-Millennials)

Generation Z (aka Post-Millennials) are not bothered by passwords at all.  They simply create one and use it everywhere.

In an earlier blog entry ( Why Did I Create C'YaPass? Who Will Use It?^ ) I told the story of my son's friend (a Gen Z'er) who explained that she uses the same password everywhere.  She admitted to being hacked and it was meaningless to her.  

Yesterday I was discussing C'YaPass usage tests with one of my angel investors who is also a teacher at a college prep school.   He said, 

I had one of my students try C'YaPass.  The student told me the software worked great and that he really liked it and thought it was easy to use.  

I was smiling and happy to hear that, but I could hear the hesitation in his voice and knew he was about to reveal a large but...

My friend continued : 

The student also said, "kids my age will never use that tool though, because we just enter some random characters and use the same password everywhere."

This may also answer the question that everyone has about how one billion Yahoo! accounts were hacked^.

I Understand The Sentiment

I understand the sentiment expressed by the student.  I have two children of my own who are GenZers and they basically feel the same way about passwords.  Of course, I've basically driven them crazy with all my talk about how their weak passwords will be hacked.  

There Are Many Reasons To Not Use C'YaPass

Here are some reasons that you may not want to use C'YaPass

  1. You will have to download the iPhone/iPad or Android app and install it.  You will also, most likely want to get the Windows version and install it.  That will probably take you 5 or 10 minutes.  Gen Z isn't interested in that.
  2. You will have to change passwords on your accounts to use the new strong passwords which are generated by C'YaPass.  That's work and a bother for a lot of people.
  3. You will have to change your thinking.  Where you normally type your passwords (often on a onscreen keyboard with your thumbs) you will now make sure C'YaPass is open and have it generate your password so you can paste it into the password box.
  4. Maybe you're afraid that C'YaPass stores your passwords or transmits them across the Internet?  It does neither of those things. It does not store your passwords anywhere and it transmits nothing across the Internet.

There Are A Few Great Reasons For Using C'YaPass

  1. You will never have to type a password again.  Instead you draw your pattern once and choose your site/key and your password is generated and copied into your device's clipboard.  From there, you simply paste it into the password box.  Very easy.
  2. You will never have to memorize a password again.  Instead, simply create your site/keys, draw your pattern and C'YaPass generates your password.  No memorization required.
  3. You will never have to make up a password again.  C'YaPass generates strong passswords for your unique pattern and each of your unique site/keys.  If you need a new password for a new site, just add the site/key and you'll have a new password.
  4. Your passwords will be far stronger than anything you can make up.

Convince Gen Z

Try everything you can to convince your Gen-Zers to use C'YaPass. It will help to keep them more safe and it really isn't too much more difficult than making up their own random password.

Get the app or try it in your browser


Try It In Your Browser


Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

One Billion Yahoo! Accounts Hacked: What Does It Mean?

The New York Times headline shouts, Yahoo Says 1 Billion User Accounts Were Hacked^, but what does that mean?

First of all this hack dates back to September, 2013, so there's no way to unscramble these eggs.  If the data in your Yahoo! account has been compromised I suppose you have to protect yourself from every angle now.  If you had documents that reveal more about your identity in there then the hackers may know a lot about you.

Yahoo! says that the following items were exposed:

  1. account telephone numbers
  2. encrypted passwords
  3. birth dates associated with account
  4. plaintext security questions 
Let's talk a bit about number two from that list, encrypted passwords.

Encrypted Passwords : MD5 Hash

The encrypted passwords as Yahoo! calls them are actually MD5 hashes of the account's password.  It is similar (but much older and proven in the past to be insecure) to SHA-256 hash.  Modern computing power makes it possible to hack many of these passwords in a short time through brute-force attacks.  I've written about brute-force attacks here and you can read more about it at: ( http://cyapass.com/post/how-hackers-crack-passwords-part-1 ) 

Making the Brute-Force Attack Impossible

However, even with the older MD5 hash technology being implemented, if your account password was not based upon natural language words (words you'd find in a dictionary) then your account will probably be safe. If your password for your Yahoo! account was one generated by C'YaPass for example (64 characters long and based upon random letters and numbers) it is close to impossible for hackers to crack it even with the older MD5 technology so you'd probably be safe.  

Don't Need To Be Faster Than the Tiger

The important thing is that you'd be more safe.  Your passwords just need to be stronger than all the other people's then you're safe.  You don't have to be faster than the tiger.  Just faster than the people you're running with.  :)

Yahoo! Does Something Smart, But Is It Too Late?

Of course, now Yahoo! finally reacts and does something useful.   They created Yahoo! Account Key (see more at: https://help.yahoo.com/kb/SLN25781.html^)

What Does Yahoo! Account Key Do?

This method allows you to sign on without using a password.  You simply set up a phone number that Yahoo! will send a notification to each time you attempt to sign on.  When you attempt to sign on to your Yahoo! account the message will popup on your phone and only if you acknowledge it will you be logged in on the other device.
You can watch the video that shows it in action:


Fewer Is Better

The fewer passwords you have, the better.  That's a great way to create a secure sign in and it means less passwords for you to memorize.  However, this only works with Yahoo! accounts at this point.  Maybe this is the way the industry will go, but for now you can't use this technology anywhere else.  And, since a lot of users will migrate away from Yahoo! it may be far too little, too late.

Until Passwords Are Dead, Make Them Stronger

Until passwords are completely destroyed, you must make them stronger.  You really should make them so strong that you cannot even memorize them.  How can you do that?  Just let C'YaPass generate them for you.
Get the app or try it in your browser.

Try It In Your Browser

Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

It's Not Difficult, But It Is Different

Using C'YaPass is extremely easy.  It's far easier than memorizing and making up your own passwords.

However, it may feel difficult at first because it's a change to the way you do things.

Resisting Change Is Part of the Human Condition

The challenge in front of me, as the author of C'YaPass, is to get people to change the way they've been working with their passwords for years.  It's not easy and I get it.  I understand that change is intrusive.  

Changing Current Passwords

Yes, if you use C'YaPass to generate a password for one of your current accounts it means you'll have to change your password on that account.  That's actually the entire point of C'YaPass.  The point is to allow C'YaPass to generate strong passwords for your accounts.  

One At a Time

As I've mentioned before, the easiest way to begin using C'YaPass is to ease into it by trying it for one account.  So, maybe you're a long time password user and you are resistant.  That's fine.  I understand.  But think about who can really benefit from using C'YaPass.

Who Stands to Benefit the Most From C'YaPass?

For those users who haven't been typing passwords for five, ten or twenty years, C'YaPass is going to seem obvious.  Imagine a new computer user (probably a child of eight or ten years) who is forced to make up a password.  Do you think that child is going to know how to create a strong password?  Probably not. 

Use C'YaPass For New Computer Users : Children

Introduce the child to C'YaPass now, before she learns all the bad habits of creating and managing passwords that most of us have learned.  It really makes sense.  

Managing Passwords For Your Family

There is an advantage to you also.  With C'YaPass you can more easily manage all of your child's passwords in one place making it much easier to log into  your child's accounts when necessary.
It's Extremely Easy
Let's try it in your browser right now.  Just click the following link and you can try it in another tab as you read this article: http://cyapass.com/page/CYaPass-Web-App^

Now all you have to do is :
  1. add a site/key (just some text to remind you what the password is used for)
  2. draw a pattern
  3. *copy and paste the password where you want to use it
*note: In the Android, iOS, and Windows app the copy is automatically done for you.  However, there are limitations on the browser to do this easily.  The browser version is just to provide you with an easy way to try the app.



Once You've Tried It, Get The App On All Your Devices

Now you can get the app for all your devices for free.

Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^