15 February 2008 | 117,047 views

Password Hasher Firefox Extension

Check For Vulnerabilities with Acunetix

Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.

Better security without bursting your brain

Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).

What good security practice demands:

      Strong passwords that are hard to guess.
      Different passwords at each site.
      Periodically changing existing passwords.

Why you probably aren’t practicing good security:

      Strong passwords are difficult to remember.
      Juggling a multitude of passwords is a pain.
      Updating passwords compounds the memorization problem.

How Password Hasher helps:

  • Strong passwords are automatically generated.
  • The same master key produces different passwords at many sites.
  • You can quickly upgrade passwords by “bumping” the site tag.
  • You can upgrade the master key without updating all sites at once.
  • It supports different length passwords.
  • It supports special requirements, such as digit and punctuation characters.
  • All data is saved to the browser’s secure password database.

You can download Password Hasher here:

passhash-1.0.5.xpi

Or read more here.



Recent in Countermeasures:
- StegExpose – Steganalysis Tool For Detecting Steganography In Images
- Twitter Patents Technique To Detect Mobile Malware
- Passera – Generate A Unique Strong Password For Every Website

Related Posts:
- XSS Warning – A Security Extension/Add-on for Firefox
- Firefox Extension Spyware – FormSpy
- PwdHash from Stanford – Generate Passwords by Hashing the URL

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,184 views
- Password Hasher Firefox Extension - 117,047 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,560 views

Advertise on Darknet

14 Responses to “Password Hasher Firefox Extension”

  1. opserver 15 February 2008 at 8:30 am Permalink

    Never TRUST any Firefox tool bar Extension like the Megaupload one that messed up all your Bookmarks and browsing. So what good is this Password Hasher trying to do?

  2. James C 15 February 2008 at 8:41 am Permalink

    I use Password Safe originally written by Bruce Schneier (famous for the blowfish and twofish ciphers) http://passwordsafe.sourceforge.net/

  3. Darknet 15 February 2008 at 9:31 am Permalink

    The point of this is, most people use the same password for a lot of different sites.

    This extension means you can use the same password or keyphrase, but still have a unique password for each site.

    That means if any of the sites you use get compromised or any of your individual passwords get compromised the rest of the sites are safe, and the original password is still safe as you can’t reverse the hash.

    Tools like password safe are better for password management in a traditional sense, this add-on is for making surfing specifically more secure.

  4. David F 15 February 2008 at 1:16 pm Permalink

    Disagree that Password Safe is not suitable for surfing. I have ~60 passwords in mine, and 45 of them at least are for web-based facilities.

    The problem with Firefox’s password storage is that itself, it is insecure. Password Safe takes measures to scrub its own tracks after operating.

  5. Antoine 15 February 2008 at 1:18 pm Permalink

    But what append if you connect from another computer, without the extension ?

  6. Darknet 15 February 2008 at 1:52 pm Permalink

    David F: Password safe still relies on you choosing the passwords though, rather than creating more secure passwords through auto-generation. I haven’t tried PS since an early version, how’s the Autotype feature? Does it work well for web forms?

    Antoine: The same issue exists with Password Safe or any password management solution. With software though at least you can carry it on a USB drive. But then you can do the same with Portable Firefox.

  7. David F 15 February 2008 at 2:05 pm Permalink

    Not so, I autogenerate 15-character passwords routinely. The only password I cannot autogenerate is the safe key itself. For that I use abstruse sentences and take initial letters of their words.

    Autotype works on most sites. A few seem to be engineered to defeat it. I have yet to encounter a site where BOTH autotype AND paste-from-clipboard are not allowed.

  8. KaBaL 15 February 2008 at 10:25 pm Permalink

    This offers a “Portable Page” option for moving around. Taken from the tool directly:

    The Portable Page

    You can generate a Portable Page to load and run in any browser when this extension is unavailable. It is similar to the online tool, but also knows your site tags and per-site option settings.

    When you select one of your site tags in the drop-down list at the top it applies the appropriate options. The site tags and options known to the page represent a snapshot of what had been saved by the Password Hasher extension prior to generating the page. It serves as a useful of backup for your site tags and options. For security, the master key(s) are never saved in the page.

    Make copies of the generated file to place on USB keys, servers, and other systems. You’ll be able to log in from anywhere, whether or not the Password Hasher is installed, and whether or not you’re running Firefox.

  9. eM3rC 16 February 2008 at 3:51 am Permalink

    I’ll have to check this out. I feel kind of insecure considering I just use normal passwords (for the normal stuff) with the default firefox password saver.

    @Darknet
    Thanks for the post. Everyday I learn something new here :)

    @KaBaL
    Thanks for talking about the portable feature. Makes me want to use it even more.

  10. Louise 21 February 2008 at 12:52 pm Permalink

    You are all making very good points on password security. Password hashers are pretty good at creating personalized passwords but as some of you mentioned, what to do about too many passwords, passwords that you need to access from different computers, security etc etc. Password managers offer:

    *a safe place to store your passwords

    *strong password generators (an alternative to password hashers)

    *AND a place to keep your accounts organized

    Many may not know password managers come in two flavors: offline and online.

    Here

  11. Pantagruel 21 February 2008 at 10:25 pm Permalink

    Thanks for the link Louise

  12. eM3rC 22 February 2008 at 2:31 am Permalink

    Thanks Louise for the post.

    I think most people will be just fine using passwords that use the typical slew of letters, numbers and special characters. For important things like online banking, generated passwords would seem like your best bet because of the level of security they issue (just keep the password written down in a notebook or something). For people such as CEOs or other big shot people, generated passwords seems like the best overall solution because one small leak could lead to bigger more elaborate problems.

    Like some person said (if someone could tell me the source it would be much appreciated) “the safest computer is an unplugged computer”

  13. mgwalks 12 March 2008 at 4:44 am Permalink

    i think i will try this out.

  14. Louise 3 April 2008 at 10:38 am Permalink

    @Pantagruel and eM3rc and mgwalks

    Sorry it has taken me so long to reply but thank you guys for checking us out. Hope you like PassPack!

    Louise