Comments on: Password Hasher Firefox Extension http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/ Ethical Hacking, Penetration Testing & Computer Security Fri, 21 Nov 2008 03:52:58 +0000 http://wordpress.org/?v=2.6.3 By: Louise http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-122591 Louise Thu, 03 Apr 2008 10:38:10 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-122591 @Pantagruel and eM3rc and mgwalks Sorry it has taken me so long to reply but thank you guys for checking us out. Hope you like PassPack! Louise @Pantagruel and eM3rc and mgwalks

Sorry it has taken me so long to reply but thank you guys for checking us out. Hope you like PassPack!

Louise

]]> By: mgwalks http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-117881 mgwalks Wed, 12 Mar 2008 04:44:51 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-117881 i think i will try this out. i think i will try this out.

]]> By: eM3rC http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-113320 eM3rC Fri, 22 Feb 2008 02:31:11 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-113320 Thanks Louise for the post. I think most people will be just fine using passwords that use the typical slew of letters, numbers and special characters. For important things like online banking, generated passwords would seem like your best bet because of the level of security they issue (just keep the password written down in a notebook or something). For people such as CEOs or other big shot people, generated passwords seems like the best overall solution because one small leak could lead to bigger more elaborate problems. Like some person said (if someone could tell me the source it would be much appreciated) "the safest computer is an unplugged computer" Thanks Louise for the post.

I think most people will be just fine using passwords that use the typical slew of letters, numbers and special characters. For important things like online banking, generated passwords would seem like your best bet because of the level of security they issue (just keep the password written down in a notebook or something). For people such as CEOs or other big shot people, generated passwords seems like the best overall solution because one small leak could lead to bigger more elaborate problems.

Like some person said (if someone could tell me the source it would be much appreciated) “the safest computer is an unplugged computer”

]]> By: Pantagruel http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-113264 Pantagruel Thu, 21 Feb 2008 22:25:35 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-113264 Thanks for the link Louise Thanks for the link Louise

]]> By: Louise http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-113210 Louise Thu, 21 Feb 2008 12:52:36 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-113210 You are all making very good points on password security. Password hashers are pretty good at creating personalized passwords but as some of you mentioned, what to do about too many passwords, passwords that you need to access from different computers, security etc etc. Password managers offer: *a safe place to store your passwords *strong password generators (an alternative to password hashers) *AND a place to keep your accounts organized Many may not know password managers come in two flavors: offline and online. Here’s a short comparison of online vs offline: http://passpack.wordpress.com/2007/01/29/online-vs-offline-password-managers/ Louise (PassPack) You are all making very good points on password security. Password hashers are pretty good at creating personalized passwords but as some of you mentioned, what to do about too many passwords, passwords that you need to access from different computers, security etc etc. Password managers offer:

*a safe place to store your passwords

*strong password generators (an alternative to password hashers)

*AND a place to keep your accounts organized

Many may not know password managers come in two flavors: offline and online.

Here’s a short comparison of online vs offline:

http://passpack.wordpress.com/2007/01/29/online-vs-offline-password-managers/

Louise (PassPack)

]]> By: eM3rC http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111844 eM3rC Sat, 16 Feb 2008 03:51:05 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111844 I'll have to check this out. I feel kind of insecure considering I just use normal passwords (for the normal stuff) with the default firefox password saver. @Darknet Thanks for the post. Everyday I learn something new here :) @KaBaL Thanks for talking about the portable feature. Makes me want to use it even more. I’ll have to check this out. I feel kind of insecure considering I just use normal passwords (for the normal stuff) with the default firefox password saver.

@Darknet
Thanks for the post. Everyday I learn something new here :)

@KaBaL
Thanks for talking about the portable feature. Makes me want to use it even more.

]]> By: KaBaL http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111780 KaBaL Fri, 15 Feb 2008 22:25:02 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111780 This offers a "Portable Page" option for moving around. Taken from the tool directly: The Portable Page You can generate a Portable Page to load and run in any browser when this extension is unavailable. It is similar to the online tool, but also knows your site tags and per-site option settings. When you select one of your site tags in the drop-down list at the top it applies the appropriate options. The site tags and options known to the page represent a snapshot of what had been saved by the Password Hasher extension prior to generating the page. It serves as a useful of backup for your site tags and options. For security, the master key(s) are never saved in the page. Make copies of the generated file to place on USB keys, servers, and other systems. You'll be able to log in from anywhere, whether or not the Password Hasher is installed, and whether or not you're running Firefox. This offers a “Portable Page” option for moving around. Taken from the tool directly:

The Portable Page

You can generate a Portable Page to load and run in any browser when this extension is unavailable. It is similar to the online tool, but also knows your site tags and per-site option settings.

When you select one of your site tags in the drop-down list at the top it applies the appropriate options. The site tags and options known to the page represent a snapshot of what had been saved by the Password Hasher extension prior to generating the page. It serves as a useful of backup for your site tags and options. For security, the master key(s) are never saved in the page.

Make copies of the generated file to place on USB keys, servers, and other systems. You’ll be able to log in from anywhere, whether or not the Password Hasher is installed, and whether or not you’re running Firefox.

]]> By: David F http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111700 David F Fri, 15 Feb 2008 14:05:02 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111700 Not so, I autogenerate 15-character passwords routinely. The only password I cannot autogenerate is the safe key itself. For that I use abstruse sentences and take initial letters of their words. Autotype works on most sites. A few seem to be engineered to defeat it. I have yet to encounter a site where BOTH autotype AND paste-from-clipboard are not allowed. Not so, I autogenerate 15-character passwords routinely. The only password I cannot autogenerate is the safe key itself. For that I use abstruse sentences and take initial letters of their words.

Autotype works on most sites. A few seem to be engineered to defeat it. I have yet to encounter a site where BOTH autotype AND paste-from-clipboard are not allowed.

]]> By: Darknet http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111693 Darknet Fri, 15 Feb 2008 13:52:06 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111693 <strong>David F:</strong> Password safe still relies on you choosing the passwords though, rather than creating more secure passwords through auto-generation. I haven't tried PS since an early version, how's the Autotype feature? Does it work well for web forms? <strong>Antoine:</strong> The same issue exists with Password Safe or any password management solution. With software though at least you can carry it on a USB drive. But then you can do the same with Portable Firefox. David F: Password safe still relies on you choosing the passwords though, rather than creating more secure passwords through auto-generation. I haven’t tried PS since an early version, how’s the Autotype feature? Does it work well for web forms?

Antoine: The same issue exists with Password Safe or any password management solution. With software though at least you can carry it on a USB drive. But then you can do the same with Portable Firefox.

]]> By: Antoine http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111686 Antoine Fri, 15 Feb 2008 13:18:32 +0000 http://www.darknet.org.uk/2008/02/password-hasher-firefox-extension/#comment-111686 But what append if you connect from another computer, without the extension ? But what append if you connect from another computer, without the extension ?

]]>