Brad Ideas: Crazy ideas, inventions, essays and links from Brad Templeton
Roaming
I like passpet better than the pet name concept, and the custom icon is a good idea. (Indeed, some web sites are using a user-chosen photo as their anti-phish technology already.) I still have doubts that users will take to extensively assigning pet names to sites (auto-generated pet names of course will exist), but I am interested in the research. I might use them personally, but I’m already fairly phish-resistant.
As you know, generated passwords present a roaming problem. Your goal 6 — only one password to remember — is desirable but difficult. In particular there is the troublesome problem of the random internet cafe. I have found myself on the road and needing to use such a terminal to access travel sites and even money sites. This is of course risky; there could be a trojan keylogger. But sometimes I make a judgement that my need to use a site outweighs the risk.
Of course, there will not be any special plugin or browser mod on the random machine. Probably vanilla IE until such time as a better password roaming system becomes standard in all browsers. One can provide an SSL web site where I can enter my master PW and get a domain specific PW to cut and paste, however.
But while I might be willing to risk entering my paypal password into the random computer, dangerous as that would be, I really don’t want to enter my master password anywhere but a fully trusted machine. Especially if that master password is also used in other places (such as being my unix logon password etc.) That’s far more dangerous.
So you are stuck with having to remember different passwords for the most sensitive accounts, I think. While I noted passpet lets you modify the domain name, I think you need a way to say that you want a different master password for the most crucial sites.
I would then combine this with two more functions. First, my own hint system, so that remotely I can get a password hint to help me remember which password I use for the special site. The hint is something in my own words, “That woman you dated in 1982 spelled backwards plus your grandfather’s birth year” or however you form passwords. Possibly abbreviated to be harder to read, “babe82 + gp” or some such.
Then at the untrusted cafe, you can go to your hint site and, using yet another pw (sigh), see your hints. Still risky but not as risky. A sheet of paper in wallet with the hints might be simpler and wiser, if you remember to update it.
Secondly it might be good if web sites, after logging on, refused to let another machine log on after that, for a few minutes, in which you could issue a command to lock your account and e-mail you the unlocking code. That means no more access until you can get to your email securely, of course.
As noted in other papers, SMS to your cell phone may help in these cases. A site where you can command your password be sent by SMS to your cell phone would let you not reveal your master PW. It needs a password itself, however, if you fear your phone being stolen, and you can be in trouble if SMS is sniffed but at least you will know about it.
As I blogged earlier, the only decent long term solution is for us to carry (presumably in our phones) a challenge/response engine for login to these sites. It can even happen over bluetooth with a single confirmation press on the phone. Cell carriers could even make it happen over radio and charge us money, which they love to do.
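The master-password tiering argued for above (an everyday master for ordinary sites, a separate master for the most crucial accounts, and each site's password derived from master plus site label) can be sketched in code. This is an added illustration, not passpet's algorithm and not code from this post; the crucial-site list, the PBKDF2 parameters, the label normalization and the output alphabet are all assumptions.

```python
import hashlib
import unicodedata

# Assumed parameters for this illustration (not passpet's):
ITERATIONS = 200_000  # PBKDF2 work factor; slows offline guessing of a master from one leaked site password
# 64 symbols: 256 % 64 == 0, so mapping bytes onto it introduces no modulo bias
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
# Constructed policy: sites that must use the separate "crucial" master, so the everyday
# master typed at an internet cafe never unlocks them
CRUCIAL_SITES = {"paypal.com", "bank.example"}


def normalize_label(label: str) -> str:
    """Canonicalize the site label so 'PayPal.com' and 'paypal.com ' derive the same password."""
    return unicodedata.normalize("NFKC", label).strip().lower()


def derive_site_password(master: str, label: str, length: int = 16) -> str:
    """Derive a printable site password from a master password and a site label.

    The label is the salt, so one master yields unrelated passwords per site and a
    stolen site password does not expose the master or any other site's password.
    """
    salt = ("site-pw-v1|" + normalize_label(label)).encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=length)
    return "".join(ALPHABET[b % len(ALPHABET)] for b in raw)


def master_for(label: str, everyday_master: str, crucial_master: str) -> str:
    """Pick which master applies to a site according to the constructed tier policy."""
    return crucial_master if normalize_label(label) in CRUCIAL_SITES else everyday_master


def site_password(label: str, everyday_master: str, crucial_master: str, length: int = 16) -> str:
    """Full flow: choose the tier's master, then derive the per-site password."""
    return derive_site_password(master_for(label, everyday_master, crucial_master), label, length)


if __name__ == "__main__":
    # Constructed sample masters; in practice the crucial master is never typed on an untrusted machine
    print("news.example :", site_password("news.example", "everyday-secret", "crucial-secret"))
    print("paypal.com   :", site_password("PayPal.com", "everyday-secret", "crucial-secret"))
```

Swapping in a different everyday master (as after a cafe compromise) changes every ordinary site's password but leaves the crucial-tier passwords untouched, which is the separation the comment asks for.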