Create unique secure passwords for websites
Many methods exist to create unique secure passwords for the websites and services that you want to join. Most users however prefer the easy way and use one or a few passwords for all of the websites they are a member of and never change the password as well.
The same applies to the username which is most of the time the same or a variation of that name, and in most cases either the user's primary email address or a name that gets used over and over again on the web.
The problem with this is that an attacker needs to get the username and password of a single account to get access to many others used by that user. How they do it? By trying the username and password combination on popular services such as Facebook, Twitter, Google Pinterest, PayPal, Amazon and a lot of others.
This is a high security risk and it is advised to create unique passwords (and usernames) for the websites that you are a member of.
One tool that can aid you in the creation of unique passwords is the Password Hasher extension for Firefox. The Password Hasher add-on creates a unique password, called Hash Word, that is generated from a unique site tag (normally the name of the website) and a master key provided by the user. The master key can be the same password because it is not stored on the website that you are a member of, only the generated hash word is used as the password on that website.
The benefit is that you only need to remember the master key and not the unique and complicated hash word. So, nothing changes in terms of complexity for you.
Several options are available to define the size and keys of the hash word. The size can be between 6 and 14 chars with optional numbers, upper,lower case and special chars included.
Update: The site can be as large as high as 26 characters in the latest version of the extension.
The benefit of using Password Hasher is obvious. The user still needs to remember only one password if he likes but all websites he is a member of store different passwords that are generated using Password Hasher.
Online password managers such as LastPass or local programs such as KeePass offer secure password generators as well.
Nice idea for sure! What would be even more helpful would be something that would do the same thing for other online type services like IM. Everything that I have seen seems to be geared toward just storing and maybe doing some filling in of password files on web pages only.
a password manager like all the others ones.
I hope OpenID becomes standard soon…
This will definitely help, but what happens when you’re not at your computer? You can’t get at your passwords.
If your looking for more portability, try an online service instead. I’m a PassPack founder so I have a definite bias, but shop around, there is plenty our there to choose from.
Online vs. Offline Password Managers:
http://tinyurl.com/3ba3et
Cheers,
Tara
Smart!