A lot of techniques exist to create unique secure passwords for the websites that you want to join. Most users however prefer the easy way and use one or a few passwords for all of the websites they are a member of and never change the password as well. The same applies to the username which is most of the time the same or a variation of that name.
The problem with this is that an attacker needs to get his hands on one password to be able to try and get into a lot of accounts from that user. This is a high security risk and it is advised to create unique passwords (and usernames) for the websites that you are a member of.
One tool that aids in the creation of unique passwords is the Password Hasher extension for Firefox. The Password Hasher creates a unique password, called Hash Word, that is generated from a unique site tag (normally the name of the website) and a master key provided by the user. The master key can be the same password because it is not stored on the website that you are a member of, only the generated hash word is used as the password on that website.
The benefit is that the user needs to remember the master key and not the unique and complicated hash word. Several options are available to define the size and keys of the hash word. The size can be between 6 and 14 chars with optional numbers, upper,lower case and special chars included.
The benefit of using Password Hasher is obvious. The user still needs to remember only one password if he likes but all websites he is a member of store different passwords that are generated using Password Hasher.
Related posts:
Use one password on all websitesExport your Firefox Passwords into a secure Password Manager
Import and Export Firefox Passwords
How to reset the Master Password in Firefox
Secure your saved passwords in firefox
Smart!
This will definitely help, but what happens when you’re not at your computer? You can’t get at your passwords.
If your looking for more portability, try an online service instead. I’m a PassPack founder so I have a definite bias, but shop around, there is plenty our there to choose from.
Online vs. Offline Password Managers:
http://tinyurl.com/3ba3et
Cheers,
Tara
I hope OpenID becomes standard soon…
a password manager like all the others ones.
Nice idea for sure! What would be even more helpful would be something that would do the same thing for other online type services like IM. Everything that I have seen seems to be geared toward just storing and maybe doing some filling in of password files on web pages only.