FixWord

pulling the slider left suggests less leetspeak substituted passwords
pulling the slider right suggests more leetspeak substituted passwords
Using the chrome extension to make my google password secure
Securing my facebook password
weak user password takes 25 seconds to hack according to external PasswordStrength checker
Our suggested password still looks like original password and is memorable, but takes 14,000 years to hack

Inspiration

At the heart of digital security for everyone are passwords. However, a Google Survey found that 65% of people reuse passwords. Another survey reveals that 91% of respondents understand the risks of reusing passwords, but 59% still reuse them anyways. This is an issue of convenience and we can relate to this sentiment. Online, we found only random password generators that left us with a cumbersome and random password to remember. In hopes of solving this fundamental problem of reusing passwords, we hacked this digital security issue by making a convenient chrome-extension and website that modified users preferred passwords, suggesting safer and easily memorable alternatives.

What it does

We took inspiration from the convenience of Google Chrome extensions to make our own extension that provides similar alternatives to their preferred password conveniently to prevent them from reusing passwords. Whenever a user is on a password registration page, they can open Fixword, our extension, and enter in their preferred password to a text field. Fixword then suggests alternatives by swapping a variable number of letters with similar-looking numbers/symbols based on Leetspeak. At this point, the user may choose which 1 of 4 suggestions they want to use. If they decide they want a more Leetspeak heavy password or, conversely, a less Leetspeak heavy password, they can adjust the slider accordingly. When the user has found a password suggestion they like, they can just click it and copy it to their clipboard, leaving them with a unique, but memorable password that was conveniently accessible for them, effectively keeping them safe on the internet.

How we built it

We started this project by researching how exactly we want to change passwords. We decided that we wanted to

Swap some letters with Leetspeak substitutes, such as swapping Es with 3s
Have our new password's length be >= 8 characters
Capitalize a random amount of letters
Include some special symbols.

We ended up coding all this logic in a Node.js package (available to download). We made a list of 26 lists of Leetspeak substitutes to the 26 letters of the alphabet. We accomplished objective 1 with a function that finds all the indexes of letters in the inputted password and randomly swaps __% of them with a random leetspeak substitute of that letter. We accomplished objective 2 with another function that checks if the inputted password has less than 8 characters, and if it does, randomly append new letters and numbers in a 1:5 ratio respectively. We accomplished objective 3 using another function that randomly capitalizes the first few letters. Since most of our Leetspeak substitutes use symbols, objective 4 is also always accomplished.

Challenges we ran into

Building the logic took the majority of the first half. Once we finished, deploying our code to NPM was a big challenge. There were many issues with exporting the functions and it took a lot of playing around to get it to work. We then started on the chrome extension. We had never built a chrome extension before, so it was a lot of learning involved. We have experience with NodeJS and ReactJS, but this was just vanilla javascript, so it was a little bit of a struggle at first. Using our package with the logic with VanillaJS was proving to be very difficult, and after spending almost 2 hours on it, we decided to recode it for VanillaJS.

Accomplishments that we're proud of

We are most proud of how we were able to build our first-ever Chrome extension using react.js and node.js successfully within 24 hours. This was also the first hackathon of our team members, and we were still able to successfully collaborate in a remote environment and deploy a successful prototype. Furthermore, we were able to actually deploy our website online and submit our chrome extension for publishing so that people can actually use it. In short, we are proud of it all :)

What we learned

We learned a lot of different technologies throughout this Hackathon. Some of our teammates hadn’t used javascript much before, so they learned it to help code the logic in the node.js module. We also learned how to build a Chrome Extension and connect it to our React.JS website, learning more about React as we built the website. We also discovered Leetspeak.

What's next for FixWord

At the core, FixWord is a tool. We want to make the tool more and more convenient and accessible. Improving our extension to automatically detect when I am registering an account and creating widgets for mobile for use are just a couple of the ideas we have to grow. We also want to advance the core software to use more clever strategies to variate the passwords so other developers can use the software.