Most people know about the main problem with complex passwords. If you make something too complex to remember people start writing it down which defeats the purpose of having a secure password.

So alot of people have taken to using common words and replacing letters in a simple pattern such as p4ssw0rd etc
This provides very little extra protection as most modern bruteforce attacks will take these kinds of simple transformations into account and test for them as well.

Then I had an idea for a method which would allow a person to use a really simple to remember password - even something as basic as there Name, but while still having a pretty secure password.

By using a javascript bookmarklet which performs a transformation on a text string you could enter the word you wanted to use into the bookmarklet and it would generate a secure password for you.

One example:

var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

function encode64(input) {
   var output = "";
   var chr1, chr2, chr3;
   var enc1, enc2, enc3, enc4;
   var i = 0;

   do {
      chr1 = input.charCodeAt(i++);
      chr2 = input.charCodeAt(i++);
      chr3 = input.charCodeAt(i++);

      enc1 = chr1 >> 2;
      enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
      enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
      enc4 = chr3 & 63;

      if (isNaN(chr2)) {
         enc3 = enc4 = 64;
      } else if (isNaN(chr3)) {
         enc4 = 64;

      output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2) + 
         keyStr.charAt(enc3) + keyStr.charAt(enc4);
   } while (i < input.length);
   return output;

document.body.innerHTML= "<textarea>"+ encode64(prompt("Enter word to encode")) +"</textarea>";
This simple code uses base64 conversion to generate what appears to be a random string from a normal word. Making for a password which is going to take a very long time to brute force - but the user does not need to remember it. They simply enter their easy to remember password into the prompt and then the bookmarklet does all the work.

This same code as a bookmarklet

javascript:var keyStr="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";function encode64(input){var output="";var chr1,chr2,chr3;var enc1,enc2,enc3,enc4;var i=0;do {chr1=input.charCodeAt(i++);chr2=input.charCodeAt(i++);chr3=input.charCodeAt(i++);enc1=chr1>>2;enc2=((chr1&3)<<4)|(chr2>>4);enc3=((chr2&15)<<2)|(chr3>>6);enc4=chr3&63;if(isNaN(chr2)){enc3=enc4=64;}else if(isNaN(chr3)){enc4=64;}output=output+keyStr.charAt(enc1)+keyStr.charAt(enc2)+keyStr.charAt(enc3)+keyStr.charAt(enc4);}while(i<input.length);return output;}document.body.innerHTML="<textarea>"+encode64(prompt("Enter word to encode"))+"</textarea>";
The transformation does not have to be done with base64 - thats just an example. You could use anything like md5, sha1 or something unique that you designed yourself.

Thoughts, comments?