Password Hasher Firefox Extension

Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.

Better security without bursting your brain

Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).

What good security practice demands:

      Strong passwords that are hard to guess.
      Different passwords at each site.
      Periodically changing existing passwords.

Why you probably aren’t practicing good security:

      Strong passwords are difficult to remember.
      Juggling a multitude of passwords is a pain.
      Updating passwords compounds the memorization problem.

How Password Hasher helps:

  • Strong passwords are automatically generated.
  • The same master key produces different passwords at many sites.
  • You can quickly upgrade passwords by “bumping” the site tag.
  • You can upgrade the master key without updating all sites at once.
  • It supports different length passwords.
  • It supports special requirements, such as digit and punctuation characters.
  • All data is saved to the browser’s secure password database.

You can download Password Hasher here:


Or read more here.

Posted in: Countermeasures, Security Software

, , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

14 Responses to Password Hasher Firefox Extension

  1. opserver February 15, 2008 at 8:30 am #

    Never TRUST any Firefox tool bar Extension like the Megaupload one that messed up all your Bookmarks and browsing. So what good is this Password Hasher trying to do?

  2. James C February 15, 2008 at 8:41 am #

    I use Password Safe originally written by Bruce Schneier (famous for the blowfish and twofish ciphers)

  3. Darknet February 15, 2008 at 9:31 am #

    The point of this is, most people use the same password for a lot of different sites.

    This extension means you can use the same password or keyphrase, but still have a unique password for each site.

    That means if any of the sites you use get compromised or any of your individual passwords get compromised the rest of the sites are safe, and the original password is still safe as you can’t reverse the hash.

    Tools like password safe are better for password management in a traditional sense, this add-on is for making surfing specifically more secure.

  4. David F February 15, 2008 at 1:16 pm #

    Disagree that Password Safe is not suitable for surfing. I have ~60 passwords in mine, and 45 of them at least are for web-based facilities.

    The problem with Firefox’s password storage is that itself, it is insecure. Password Safe takes measures to scrub its own tracks after operating.

  5. Antoine February 15, 2008 at 1:18 pm #

    But what append if you connect from another computer, without the extension ?

  6. Darknet February 15, 2008 at 1:52 pm #

    David F: Password safe still relies on you choosing the passwords though, rather than creating more secure passwords through auto-generation. I haven’t tried PS since an early version, how’s the Autotype feature? Does it work well for web forms?

    Antoine: The same issue exists with Password Safe or any password management solution. With software though at least you can carry it on a USB drive. But then you can do the same with Portable Firefox.

  7. David F February 15, 2008 at 2:05 pm #

    Not so, I autogenerate 15-character passwords routinely. The only password I cannot autogenerate is the safe key itself. For that I use abstruse sentences and take initial letters of their words.

    Autotype works on most sites. A few seem to be engineered to defeat it. I have yet to encounter a site where BOTH autotype AND paste-from-clipboard are not allowed.

  8. KaBaL February 15, 2008 at 10:25 pm #

    This offers a “Portable Page” option for moving around. Taken from the tool directly:

    The Portable Page

    You can generate a Portable Page to load and run in any browser when this extension is unavailable. It is similar to the online tool, but also knows your site tags and per-site option settings.

    When you select one of your site tags in the drop-down list at the top it applies the appropriate options. The site tags and options known to the page represent a snapshot of what had been saved by the Password Hasher extension prior to generating the page. It serves as a useful of backup for your site tags and options. For security, the master key(s) are never saved in the page.

    Make copies of the generated file to place on USB keys, servers, and other systems. You’ll be able to log in from anywhere, whether or not the Password Hasher is installed, and whether or not you’re running Firefox.

  9. eM3rC February 16, 2008 at 3:51 am #

    I’ll have to check this out. I feel kind of insecure considering I just use normal passwords (for the normal stuff) with the default firefox password saver.

    Thanks for the post. Everyday I learn something new here :)

    Thanks for talking about the portable feature. Makes me want to use it even more.

  10. Louise February 21, 2008 at 12:52 pm #

    You are all making very good points on password security. Password hashers are pretty good at creating personalized passwords but as some of you mentioned, what to do about too many passwords, passwords that you need to access from different computers, security etc etc. Password managers offer:

    *a safe place to store your passwords

    *strong password generators (an alternative to password hashers)

    *AND a place to keep your accounts organized

    Many may not know password managers come in two flavors: offline and online.


  11. Pantagruel February 21, 2008 at 10:25 pm #

    Thanks for the link Louise

  12. eM3rC February 22, 2008 at 2:31 am #

    Thanks Louise for the post.

    I think most people will be just fine using passwords that use the typical slew of letters, numbers and special characters. For important things like online banking, generated passwords would seem like your best bet because of the level of security they issue (just keep the password written down in a notebook or something). For people such as CEOs or other big shot people, generated passwords seems like the best overall solution because one small leak could lead to bigger more elaborate problems.

    Like some person said (if someone could tell me the source it would be much appreciated) “the safest computer is an unplugged computer”

  13. mgwalks March 12, 2008 at 4:44 am #

    i think i will try this out.

  14. Louise April 3, 2008 at 10:38 am #

    @Pantagruel and eM3rc and mgwalks

    Sorry it has taken me so long to reply but thank you guys for checking us out. Hope you like PassPack!