C'YaPass: Forget All Your Passwords

Never Memorize A Password Again
Never Type A Password Again
Never Make Up A Password Again

CYaPass Released to Windows Store

C'YaPass In Windows Store

CYaPass has just been released to the Windows Store. Now you can install it to your Windows 10 desktop quickly and easily. You can see there at: https://www.microsoft.com/en-us/p/cyapass/9pfd82d1z7rw

Using CYaPass

All you have to do is:
  1. Add / Select a SiteKey (reminds you which site the password is used for)
  2. Draw your secret pattern (it is never stored anywhere)
  3. The program remembers which password requirements (uppercase, special characters, length) are required by the site.
  4. The program generates your password and copies the password to your clipboard.
  5. You just paste the password wherever you need to use it.
The following snapshots will give you an idea of how to set up a siteKey and how to use the app.


Create a New SiteKey



After Saving New SiteKey, New Password Is Generated



Notice that the password has the max length of 20 and the special character (&) included.

Here's a few more snapshots to show you C'YaPass in action. 

Generates A New Password For Every Site

Each time you add a new SiteKey it will generate a new password using the new SiteKey and your original geometric pattern.

Now You Have A New Password For Twitter




Now you never have to remember your passwords and they are super strong : not based on words in the dictionary.

Try it out.  It'll make your life more secure and easier.  No more remembering all those special web site requirements on passwords.

Microsoft Security Baseline: Stop Expiring Passwords

Microsoft has published new guidelines for passwords along with their latest release of Windows 10 v1903 and Windows Server v1903.

The (Bad) State of Passwords

One of the first things Microsoft mentions is the terrible state of passwords which are made up by humans.  Here's the Microsoft blog writer's take on it.

When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords.

Removing Password Expirations

Microsoft is also admitting that the idea of forcing passwords to expire is ancient and makes no sense.

Again, the blog writer admits that their is no logic in expiring passwords in 60 or 90 days since the password may have been stolen at the beginning of the cycle and the cracker may have been using the password and associated account for a long time. 

If it’s a given that a password is likely to be stolen, how many days is an acceptable length of time to continue to allow the thief to use that stolen password? The Windows default is 42 days. Doesn’t that seem like a ridiculously long time? Well, it is, and yet our current baseline says 60 days – and used to say 90 days – because forcing frequent expiration introduces its own problems.

The problem is that password expiration is even a problem for the network administrators. 

Stop Making Up and Memorizing Passwords

If you are still making up and memorizing passwords, I suggest you stop and make your life easier by using C'YaPass.  It is 100% Open Source code so you can examine everything it does.  It generates strong passwords for you for each site you want to login to. 

If you don't want to download anything, you can try it here at this site just to see how it works.

All the code runs in JavaScript on your client and nothing is passed over the network.  Password keys are stored in the LocalStorage of your browser and only that browser instance will have those.

Try it at: http://cyapass.com/js/cya.htm

Try it out today and make your life easier.  Once you decide you want to use it you can download the free Windows app and the free Android app.

How Is C'YaPass Different Than Other Password Managers?

It's time to start using something to manage your passwords.  However, the apps out there are all the same.  They save your password somewhere -- either in their database at their web site or in a file you have to manage.

Below is a list of ways C'YaPass is different along with a list links to other password managers.  No matter which password manager you choose -- even if you don't decide to us C'YaPass -- you really should start using one today.  There are too many passwords for us humans to manage strong ones for all our accounts and web sites.  Let the computer help you.

How is C'YaPass different than other password managers?

  1.  C'YaPass never stores your password anywhere.  Other password managers store your passwords at their site or in a file you manage.  C'YaPass generates your password from the pattern you draw and the site key you choose each time you run the app.  It does not store your password anywhere.  I know that sounds like magic.  You can read more about it and see screenshots here^.
  2. C'YaPass is always free.  Other password managers charge you a fee.  Here's a list of other password solutions with links and prices:
    1. KeePassX^ is also free, however it requires you to manage an encrypted file of all your passwords.  You have to sync the file across devices and I have a friend whose only file was corrupted and he could not recover his passwords.  It's also not very user-friendly for non-tech users.
    2. Dashlane^ is $39.99 a year.  
    3. LastPass Premium^ is $24/ yr  Yes, there is free versions of LastPass and many of these apps but the free versions don't allow you to sync your passwords across devices.  (Also, LastPass was hacked^.)
    4. Keeper Password Manager^ is $29.99 / yr 
    5. Password Boss Premium^ is $29.99 /yr
    6. AgileBits 1Password 6^ is $35.88 /yr
    7. Sticky Password^  $29.99 /yr
    8. RoboForm 8^ $19.99 /yr
    9. True Key (Intel)^ $19.99 /yr (for unlimited passwords) Is an interesting option that lets you sign on on compatible devices using your face or fingerprint.  Their promise is no more passwords. However, the free option is only available if you have 15 or fewer passwords.  Once you start using this you'll find that you most likely have upwards of 40 or more.  That's why passwords are so ridiculous.  We have far too many of them.
  3. You can use C'YaPass without signing up to any service. Just download the app for your platform (Android, iOS, Windows) and go.  Many of these services require you to sign up for an account on their site.  With C'YaPass you manage how you use the app.
Watch this video which shows how you C'YaPass in action across devices (shown on iPhone and Windows, but it is the same on Android).

Try It In Your Browser, Get the App Free

You can try it in your browser, here, on this site at: http://cyapass.com/js/cya.htm^
Once you try it in your browser and see how easy it is you'll want to get the Android, iOS and Windows versions for free.  
Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

Top Security Experts: Your Passwords Are Weak

Here's a compilation of top security experts explaining why your passwords are weak, how easily they can be cracked and how quickly your accounts will be compromised.

Ars Technica Contest: Winner Cracks 90%

Ars Technica set up a contest to hack passwords.  The winner was able to crack 90% of them and the hacker who won second place was able to get 62% of them (out of a total of 16,000 passwords).  Read all the details of how they did it at: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/^

XKCD : CorrectHorseBatteryStaple Is Weak

Many people know about the XKCD method popularized by the comic : http://xkcd.com/936/^

Maybe you think these long passwords are uncrackable.   They're not any more.  

Don't Base Passwords On Any Natural Language Words

Your password has to be more random, because computing power allows huge dictionaries to be tried in all manner of combination and are able to crack passwords based upon words.

C'YaPass Generates Random Hashes With No Words

C'YaPass passwords are only letters and numbers and contain no words.  They are simply the SHA256 hash which is cryptographically strong -- you can't just try to guess them with brute force methods.  Brute force methods would take more time than there has been since the beginning of time.

Bruce Schneier, Top Security Professional, Explains How Passwords Are Cracked


He even created a method that insures you don't use any natural language words since the crackers are adding commonly found phrases to their dictionaries.  
Under his method for creating strong passwords you
  1. Choose a passphrase (sentence you'll remember)
  2. Convert it into a password by choosing first letter of each word
  3. Alter some chars with uppercase
  4. maybe add in a special character here and there
His example looks like:
"This little piggy went to market" might become "tlpWENT2m"

Overwhelming : Creating One of Those For Every Site

I think creating one of those for every site is extremely overwhelming though.  Passwords debt is a huge technical problem.  

This video is really funny because we've all been through these things with passwords.


Every Site Has Suggestions For Creating Passwords

Kim Komando : Radio Technology Expert

Here are Kim's suggestions for creating strong passwords:

Basically, the same advice that Bruce Schneier gives.

Microsoft: How To Create A Strong Password

Microsoft chimes in on what to do:
One of the five rules they provide is:
"Doesn't contain a complete word."

PNC Bank Provides Customers With Ideas For Strong Passwords


The PNC site refers to one of the online password generators which you can use to generate your password.

Strong Password Generator


Here are some sample passwords that the generator will create for you:
  • ecNt/KsDaSUXo9J
  • bzeP6cc[k_9pnJk
  • ^>/7P-k{(A 1@;o
But, how are you going to remember those?
You'll probably have to save them in a text file or write them down somewhere.

Also, you could create passwords like that by simple mashing on your keyboard so I'm not sure how much added value this provides.
Even the GeekSquad gets in on describing how to create strong passwords.

GeekSquad (BestBuy) : Creating Strong Passwords


All of this is absolutely overwhelming and 95% of people who are online are never going to examine how to create a strong password.

Contradictory Information

There's also a lot of information that contradicts each other out there.  For example, this lifehacks article says that password generators re-use passwords and you should probably stay away from them.

You Must Create Strong Passwords

Whatever method you choose, you must create stronger passwords.
Obviously I believe the best way is to get C'YaPass for free and start drawing your passwords.  

With C'YaPass you'll:


  • never memorize a password again
  • never type a password again
  • never make up a password again

It's Free: Try It Now

Browser Version Is HTML5 Canvas

The browser version does not require installation of anything.  It does not use Flash.  It runs in your browser via HTML5 Canvas.
Try it in your browser, right now.  Just click this link and it'll open in a new tab/window: http://cyapass.com/js/cya.htm^

Try the Browser Version, Get the App Free

Once you try it in your browser and see how easy it is you'll want to get the Android, iOS and Windows versions for free.  
Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

Users Don't Want Apps, They Want Magic

Security is boring.  Absolutely mind numbing.  Passwords are the most boring of all.  

No one wants to think about creating and managing passwords.  Users want apps to magically solve their problems.

Automatic Grocery List?

Wouldn't an automatic grocery list be cool?  Some app where every time you need ketchup or a jar of pickles and you don't want to forget you simply just say the item and it's added to a list. That would be great.  I have Google Home and it will help you do that.  That's almost magic.

Users don't want a solution, they just want some magic.  Wave a magic wand and make things easy.

Passwords : The Price We Have To Pay

The problem is that passwords are a part of the price we have pay to use the Internet.  Maybe someday the major companies will group together to destroy all passwords.  Maybe.  For now we have to deal with passwords.  That means you need to make a plan and actively manage them.  

Once You're Hacked, Everything Changes

If you get hacked, there will be no magic.  No hero on a white horse will come riding out of the sunrise to fix all your accounts.  And, the bank may even decide not to refund your stolen money.

That's what happened to Kristina Markula of San Francisco when hackers made Cardless ATM withdrawals against her Chase account.  Read all about it at : https://krebsonsecurity.com/2017/01/stolen-passwords-fuel-cardless-atm-fraud/^

C'YaPass Generates Strong Passwords

This is why I think you should try C'YaPass as soon as possible. This is why I make it available free for your use.  

C'YaPass Magic

I've tried to make it magic by allowing you to draw your password.  That's right you can draw your password so that you: 

  1. never have to memorize a password again.
  2. never have to type a password again.
  3. never have to make up a password again.
That's almost like magic.  

Try It For One Account, Then More

At least try it from the web for one of your accounts and see that it creates extremely long and strong passwords and then you can try it for more accounts as you like.

It's easy to try and free to use.  An ounce of prevention is worth tons of cure in the case of security.

Browser Version Is HTML5 Canvas

The browser version does not require installation of anything.  It does not use Flash.  It runs in your browser via HTML5 Canvas.
Try it in your browser, right now.  Just click this link and it'll open in a new tab/window: http://cyapass.com/js/cya.htm^

Try the Browser Version, Get the App Free

Once you try it in your browser and see how easy it is you'll want to get the Android, iOS and Windows versions for free.  
Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

Note: Hat and wand image from https://openclipart.org/detail/132133/magic-hat-and-wand^

Passwords Are Everywhere, But So Is C'YaPass

Passwords are everywhere. We are drowning in passwords. You have too many of them to realistically and easily manage.   That's one of the main reasons people create weak passwords.  There are just too many.

C'YaPass Is Everywhere

That's why I've developed C'YaPass for use on every platform (Android, iOS, Windows and now you can even run it right in your browser from cyapass.com).

Make 2017 the year you stop creating and memorizing passwords and let C'YaPass do it for you.

Try it in your browser, right now.  Just click this link and it'll open in a new tab/window: http://cyapass.com/js/cya.htm^

Browser Version Works In All Six Major Browsers

C'YaPass works in Microsoft Internet Explorer & Edge, Google Chrome, Mozilla Firefox, Apple Safari, Opera Software Opera.
There are no more excuses for not using strong passwords.  Try out the software in your browser right now, here at this web site.

Try It and Help Yourself Have Stronger Passwords

I hope you'll try it and help yourself with all your password management.
Remember, C'YaPass never transmits your passwords nor stores them anywhere.  It simply generates a strong password for your use.

Browser Version Is HTML5 Canvas

The browser version does not require installation of anything.  It does not use Flash.  It runs in your browser via HTML5 Canvas.

Try the Browser Version, Get the App Free

Once you try it in your browser and see how easy it is you'll want to get the Android, iOS and Windows versions for free.  
Here's where you can get the iPhone/iPad, Android and Windows versions.
iOS / iPhone / iPad

The iOS (iPhone / iPad) version is available for the first time today (12.08.2016) in the App Store at:

https://itunes.apple.com/us/app/cyapass/id1183137527?mt=8^

Android

You can also get the Android version in the Google Play store at:

https://play.google.com/store/apps/details?id=us.raddev.cyapass^

Windows 

You can get the Windows version here at this site (just click the Get C'YaPass menu or follow this link: http://cyapass.com/page/get-c-yapass^

Note: Image is from openclipart.org. See more details at: https://openclipart.org/detail/225506/Drowning-colored