feature name
New attribute ‘encrypted’ for password type input field
feature description
I would like to propose a new attribute to the input field that is responsible for the password. So … An incredible proposal for a better web in terms of security and futuristic
case1 “more secure”
<input type="password" encrypted="rsa" required>
How does it work? scenario!
- Any user accesses a website and enters the email, password and username. After the email validation process, he accesses the site normally when he needs to log in with username and password. So far so good, the problem is that the user’s password is a very easy password to be discovered.
- He doesn’t have the computer skills to use a password manager. He, the user, has no knowledge of how to use a computer. This user I call a common user. A home user.
- It would be nice if we had a new attribute for html - the password type entry with the attribute: ‘encrypted’ and ‘algorithm’ to make life easier for ordinary home users.
- My ideal scenario is to use RSA with a public and a private key, as follows: at every login, the user enters the normal password, which can even be an easy one.
- The browser takes this password and converts it to RSA. Then it generates 2 keys, a public key and a private key.
- The private key is unknown to the user. If he needs to know the decrypted password, he must provide his operating system login password in the browser of his choice.
- I can give a very good example here: the Brave browser has the following URL to access the user's passwords: “brave://settings/passwords?search=password”
- Every password type input field is automatically managed as RSA.
example 1 “Every password type input field is automatically managed as rsa”
Notes
- This is only decrypted when the user enters a password in the browser to decrypt a password.
- Many of these passwords are easily decrypted as they are text only. There may be systems or viruses that work with the copy of text that the user types. My idea is to prevent passwords from being decrypted when the user copies and pastes.
- When the user is in the copying process, the password is the public key.
- There are libraries responsible for encryption here: tweetnacl or argon2-browser.
- The general idea is that browsers take care of the password process, given that there are still sites that do not use good security measures.
- In addition, most users have easy passwords that are not secure at all.
- As systems can be complex to take care of passwords, semantically they could use browser resources.
- References/there are several proposals here: proposal-add-curve-25519-and-cruve-448-to-the-web-cryptography-api, draft-spec-secure-curves-in-web-crypto
- The responsibility for more data security should lie with the web engines (html, js), browsers, companies and people.
- The images are illustrative and were taken from Google images.
Solution
- The web or browsers must provide a means for clipboard-encrypted passwords.
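
The flow described in the scenario and notes above, sketched as an added example that is not part of the original proposal or of any browser: the copied value is RSA-OAEP ciphertext, and decryption happens only after an OS-login check. The function names and the `userAuthenticated` flag are assumptions standing in for behaviour the proposal leaves to the browser; the sample password is constructed.

```javascript
// Added illustration. Function names are hypothetical; no browser exposes an
// `encrypted` attribute. Uses the standard Web Crypto API (RSA-OAEP).
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

// Key pair held by the browser. extractable=false blocks export of the private key.
async function createBrowserKeyPair() {
  return subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false,
    ['encrypt', 'decrypt']
  );
}

// Value that would reach the clipboard instead of the typed text (base64 ciphertext).
async function sealForClipboard(publicKey, password) {
  const ct = await subtle.encrypt(
    { name: 'RSA-OAEP' }, publicKey, new TextEncoder().encode(password));
  return btoa(String.fromCharCode(...new Uint8Array(ct)));
}

// Decrypts only after the caller reports a successful OS login check
// (assumption: `userAuthenticated` stands in for the browser's own prompt).
async function revealPassword(privateKey, sealed, userAuthenticated) {
  if (!userAuthenticated) throw new Error('OS authentication required');
  const bytes = Uint8Array.from(atob(sealed), (c) => c.charCodeAt(0));
  const pt = await subtle.decrypt({ name: 'RSA-OAEP' }, privateKey, bytes);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const { publicKey, privateKey } = await createBrowserKeyPair();
  const typed = 'sunshine1'; // constructed sample of an easy password
  const first = await sealForClipboard(publicKey, typed);
  const second = await sealForClipboard(publicKey, typed);
  const revealed = await revealPassword(privateKey, first, true);
  let refused = false;
  try { await revealPassword(privateKey, first, false); } catch { refused = true; }
  return {
    leaksPlaintext: first.includes(typed), // copied value must not contain the text
    randomized: first !== second,          // OAEP padding: same input, new ciphertext
    revealed,
    refused,
  };
}

demo().then(console.log);
```

This protects the copied value only; the password is exactly as guessable as it was before encryption.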