A typical gamer, today, has multiple online gaming accounts and gaming devices, which require passwords for logins. For secure management of all these accounts, users need strong unique passwords for each account. Otherwise, users significantly increase risks that their accounts, data and assets will be compromised, hacked, stolen (see [1-3]). In this post, we consider a simple way to manage 100 super strong unique passwords for different gaming accounts (online and offline games).
First of all, a user needs to create a list of all games played at different websites, blockchains and devices, arranged by her/his personal preferences, for example as shown in the list below (assuming the user use different web sites, blockchains, devices for different games).
1. Fortnite
2. Rocket League
3. Among Us
4. World of Warcraft
5. League of Legends
6. Roblox
7. Tom Clancy's Rainbow Six Siege
8. Monster Hunter: World
9. Stardew Valley
10. Fortnite Battle Royale
11. ARK: Survival Evolved
12. Don't Starve Together
13. Battlefield V
14. Final Fantasy XIV
15. Brawlhalla
16. Civilization VI
17. Forza Horizon 5
18. Apex Legends
19. Dead by Daylight
20. Overwatch
21. Call of Duty: Warzone
22. Minecraft
23. Hearthstone
24. Red Dead Redemption 2
25. Team Fortress 2
26. Super Smash Bros. Ultimate
27. Mario Kart 8 Deluxe
28. Halo Infinite
29. Call of Duty: Mobile
30. Left 4 Dead 2
31. Fallout 76
32. Battlefield 1
33. Battlefield 2042
34. Deep Rock Galactic
35. Destiny 2
36. Grand Theft Auto V
37. PlayerUnknown's Battlegrounds
38. Valorant
39. Grand Theft Auto Online
40. Sea of Thieves
41. Counter-Strike: Global Offensive
42. Dota 2
43. Monster Hunter Rise
44. Terraria
45. No Man's Sky
46. Crossfire
47. Valheim
48. Counter-Strike
49. Garry's Mod
50. Counter-Strike: Source
51. Dungeon Fighter Online
52. Mega Dice (DICE)
53. CoinPoker (CHP)
54. WienerAI (WAI)
55. Sponge V2 (SPONGEV2)
56. 5th Scape (5SCAPE)
57. Shiba Shootout (SHIBASHOOT)
58. eTukTuk (TUK)
59. Hypeloot (HLPT)
60. Insanity Bets (IBET)
61. BlastUp (BLP)
62. Axie Infinity (AXS)
63. The Heist (KIWI)
64. Shrapnel (SHRAP)
65. Gods Unchained (GODS)
66. My Neighbor Alice (ALICE)
67. Decentraland (MANA)
68. The Sandbox (SAND)
69. Heroes of Mavia (MAVIA)
70. Star Atlas (ATLAS)
71. Illuvium (ILV)
72. XBOX
73. Nintendo Switch
74. PlayStation 2
75. GameCube
76. Sega Genesis
77. Nintendo DS
An alternative option is to list all gaming websites, blockchains, devices where logins are required.
Secondly, the user needs to choose an easy memorable key and a date. For example, let the key be “my games” and the date “2024-01-01”.
By entering these input parameters into input fields of a private dynamical passwords generator (DPG) and clicking on “Go!” button the user will be able to generate or reconstruct all passwords in seconds, anytime, anywhere from any device with a web browser connected to internet.
Let us assume, that the user wants to play Axie Infinity (AXS) on the blockchain, which is 62-nd in the list. The user creates a strong password from one or several sub-strings in the 62-nd field of the DPG’s output. By selecting the whole 62-nd string of symbols the user will have a super strong unique password for Axie Infinity (AXS) blockchain game and will use it to login.
If the user wants to change all passwords at a particular date then she/he can change the input parameters (date or/and key) and creates 100 new super strong unique passwords with a single click of the button, in seconds.
Traditional passwords managers keep all passwords in a database, called vault. This vault is secured by a master password or a passkey and an encryption of the vault. Therefore, they have 2 potential holes (PHs) in cyber security (master password/passkey and encryption) or 0.5 lines of defense.
By keeping all passwords in a single vault traditional passwords managers violate the main principle of risk management “do not keep all eggs in a single basket”.
DPGs do not have potential holes in cyber security and have multiple lines of defense. Even if a single line or several lines of defense will be broken then attackers still will not be able to reconstruct the passwords, until they will be able to break all lines of defense.
DPGs do not store passwords in any place and do not use encryption, therefore they can not be hacked, broken, stolen, confiscated, etc. on this stage (they do not exist in our real world after the browser was closed, assuming the browser does not save them) and are ready for the era of quantum computers.
If two different users will have the same input parameters for their private DPGs, for example as above then output strings will be different for them. Each private DPG generates an unique sequence of output strings, which is different from outputs of other DPGs for the same input parameters.
P.S. A potential hole (PH) in a cyber security system is a parameter, method, part, etc., which if compromised leads to an account/device/system/network/etc. be hacked. For example, if a master password or a passkey of a traditional passwords manager is compromised then ALL passwords are exposed to hackers. This is the first potential hole in traditional passwords managers. The second potential hole in traditional passwords managers is an encryption of a vault/database where all passwords are stored. If this encryption is broken then ALL passwords are exposed to hackers.
References:
[1] https://www.watchmojo.com/articles/top-10-biggest-hacks-in-gaming-history/playstation-network
[2] https://www.linkedin.com/pulse/game-over-biggest-attacks-against-gaming-platforms