Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.
Better security without bursting your brain
Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).
What good security practice demands:
-
Strong passwords that are hard to guess.
-
Different passwords at each site.
-
Periodically changing existing passwords.
Why you probably aren’t practicing good security:
-
Strong passwords are difficult to remember.
-
Juggling a multitude of passwords is a pain.
-
Updating passwords compounds the memorization problem.
How Password Hasher helps:
- Strong passwords are automatically generated.
- The same master key produces different passwords at many sites.
- You can quickly upgrade passwords by “bumping” the site tag.
- You can upgrade the master key without updating all sites at once.
- It supports different length passwords.
- It supports special requirements, such as digit and punctuation characters.
- All data is saved to the browser’s secure password database.
You can download Password Hasher here:
Or read more here.
opserver says
Never TRUST any Firefox tool bar Extension like the Megaupload one that messed up all your Bookmarks and browsing. So what good is this Password Hasher trying to do?
James C says
I use Password Safe originally written by Bruce Schneier (famous for the blowfish and twofish ciphers) http://passwordsafe.sourceforge.net/
Darknet says
The point of this is, most people use the same password for a lot of different sites.
This extension means you can use the same password or keyphrase, but still have a unique password for each site.
That means if any of the sites you use get compromised or any of your individual passwords get compromised the rest of the sites are safe, and the original password is still safe as you can’t reverse the hash.
Tools like password safe are better for password management in a traditional sense, this add-on is for making surfing specifically more secure.
David F says
Disagree that Password Safe is not suitable for surfing. I have ~60 passwords in mine, and 45 of them at least are for web-based facilities.
The problem with Firefox’s password storage is that itself, it is insecure. Password Safe takes measures to scrub its own tracks after operating.
Antoine says
But what append if you connect from another computer, without the extension ?
Darknet says
David F: Password safe still relies on you choosing the passwords though, rather than creating more secure passwords through auto-generation. I haven’t tried PS since an early version, how’s the Autotype feature? Does it work well for web forms?
Antoine: The same issue exists with Password Safe or any password management solution. With software though at least you can carry it on a USB drive. But then you can do the same with Portable Firefox.
David F says
Not so, I autogenerate 15-character passwords routinely. The only password I cannot autogenerate is the safe key itself. For that I use abstruse sentences and take initial letters of their words.
Autotype works on most sites. A few seem to be engineered to defeat it. I have yet to encounter a site where BOTH autotype AND paste-from-clipboard are not allowed.
KaBaL says
This offers a “Portable Page” option for moving around. Taken from the tool directly:
The Portable Page
You can generate a Portable Page to load and run in any browser when this extension is unavailable. It is similar to the online tool, but also knows your site tags and per-site option settings.
When you select one of your site tags in the drop-down list at the top it applies the appropriate options. The site tags and options known to the page represent a snapshot of what had been saved by the Password Hasher extension prior to generating the page. It serves as a useful of backup for your site tags and options. For security, the master key(s) are never saved in the page.
Make copies of the generated file to place on USB keys, servers, and other systems. You’ll be able to log in from anywhere, whether or not the Password Hasher is installed, and whether or not you’re running Firefox.
eM3rC says
I’ll have to check this out. I feel kind of insecure considering I just use normal passwords (for the normal stuff) with the default firefox password saver.
@Darknet
Thanks for the post. Everyday I learn something new here :)
@KaBaL
Thanks for talking about the portable feature. Makes me want to use it even more.
Louise says
You are all making very good points on password security. Password hashers are pretty good at creating personalized passwords but as some of you mentioned, what to do about too many passwords, passwords that you need to access from different computers, security etc etc. Password managers offer:
*a safe place to store your passwords
*strong password generators (an alternative to password hashers)
*AND a place to keep your accounts organized
Many may not know password managers come in two flavors: offline and online.
Here
Pantagruel says
Thanks for the link Louise
eM3rC says
Thanks Louise for the post.
I think most people will be just fine using passwords that use the typical slew of letters, numbers and special characters. For important things like online banking, generated passwords would seem like your best bet because of the level of security they issue (just keep the password written down in a notebook or something). For people such as CEOs or other big shot people, generated passwords seems like the best overall solution because one small leak could lead to bigger more elaborate problems.
Like some person said (if someone could tell me the source it would be much appreciated) “the safest computer is an unplugged computer”
mgwalks says
i think i will try this out.
Louise says
@Pantagruel and eM3rc and mgwalks
Sorry it has taken me so long to reply but thank you guys for checking us out. Hope you like PassPack!
Louise