My new password management technique
So we’re all guilty of it – we have one favorite password (or hopefully a selection of passwords) that we use around various sites for our email, IM clients, twitter, facebook etc etc. If we’re not guilty of this crime – our wives, girlfriends, partners, family members, friends certainly will be! I’ve never been comfortable with this method – sure it’s convenient but in these times we need to be ever more aware of protecting our online identity.
As a result of this weeks FLOSS which had Eric Jung author of FoxyProxy on the show, he also spoke about his other tool PasswordMaker which really attracted my attention.
PasswordMaker does exactly what it says on the tin, makes passwords. It exists in a variety of formats, a Firefox extension, an OSX desktop widget, an online version (with code available as download) and many more! But where PasswordMaker differs is that it will generate you a complex password for each site/resource you visit and you don’t need to store them anywhere – you only need to remember one password – “One password to rule them all!”
It works by taking your master password along with the address of a website (usually just the domain bit or any other string) and generating you a complex password using a one way hash – it will generate the same password every time if you enter the same master password, account settings and address/text string so you don’t ever need to store the generated passwords, you simply regenerate them each time – and with the multitude of methods available to generate passwords it’s made really simple. There are many different encryption algorithms to choose from, password lengths, password characters so provided you use the same settings whenever you want to retrieve your password then you’ll always get the same password returned.
The Firefox extension makes it really simple – on clicking the icon you are presented with a screen to enter your master password, the ‘using text’ field will have been prefilled with the domain of the site (configurable to use subdomain, query string etc too via options) you are visiting. Once you enter your master password, the extension will generate a password which you can copy to the clipboard and use it from there – it even clears it after a set amount of time.
Should you need to generate a password for say MSN, then you can override the address with a simple string of text say ‘msnmessenger’ which will then be used to produce a password for you – equally server logins, FTP accounts, DB connections – provided you have a master password and a memorable unique identifier for the thing being secured then it will work for you – provided you can accept a minor inconvenience to have to enter your master password each time you need to use it.
It’s really worth checking out! Why not try it on a few sites and set how you get on…surely being safer on the internet is worth a little inconvenience?
ps If you have room for another podcast then add FLOSS to your pod catcher – it stands for Free Libre Open Source Software.
No related posts.
Umm . . . have you tried 1Password? I’ve been using it for over 2 years or so and I love it. Works within FF and Safari, and has a good password generator. Even remembers the last 80 passwords you generated so that if a website hiccups after you’ve created a user account and you’ve forgotten to click Save 1Password account, you can retrieve the created password.
sure I’ve heard of 1password.
Firstly, 1Password is Mac only – useless for Windows folk.
Secondly it costs and it’s closed source so you don’t really know what it’s doing with your passwords.
Thirdly – I don’t want to have to store passwords. The beauty of PasswordMaker is that it gives you same password back each time for each site – so you don’t need any software at all!
Forthly – what happens if you’re at a friends house and you need a password – assuming you don’t have the iphone edition in your pocket.
I rest my case…
I used to use a tool like this, but I got tired of the trouble of getting your password when you’re on another machine (or on your phone). I had the tool on my website, but it was a pain to go to the tool for every site when I was away from my main PC. I went back to a method I use to easily have a unique password for every site, and it’s all in my head.
My Anti-Virus gave me an alert on this page saying it blocked:
JS/Exploit-Packed.c.gen
Has this WordPress site been hacked?
-Daniel
Daniel
McAffee by any chance?
http://vil.nai.com/vil/content/v_218755.htm
john.
and an additional thought to this – if you’re using a password manager like 1Password, KeePass etc then you usually need to enter a password to ‘unlock’ the app anyway – so using PasswordMaker isn’t all that much more inconvenient.
My product PasswordsPro ( http://www.passwordspro.com ) support to execute it from a pendrive (connected to a Windows machine or Linux with Wine).
This feature should solve the problem of portability.