Password Maker

Oct 12

How-To Guides David No Comments
, , , , , , , , , , , , , , , , ,

Approximate reading time is 2 minutes

Password Maker

Password Maker

If you were following the tech news last week, hopefully you’ll have heard about the surge in leaked and phished passwords from Gmail, Hotmail and Yahoo. CNET UK covered it twice.

This brings up the thorny issue of how to effectively manage all of your passwords. Some people have one strong password they use everywhere, others will do this but append something for each site. Other people, who frankly scare me, use simple things like “password”, “12345″, “67890″, etc.

What exactly is a strong password? The more random and unpredictable a password is, the stronger it is. In other words, predictable passwords are easy to remember, and easy to crack.

Randomly flaying your fingers at the keyboard will generate a random block of text. Although, you need to recall this random text sometimes, but how? You could keep them all in a file, but this is no good, because if someone gets that file, you’re sunk (same goes for paper records). Even if you use a password manager which keeps your passwords in an encrypted file, they’re still there in a file, which if obtained, could be decrypted by brute force.

The Password Maker Firefox add-on.

The Password Maker Firefox add-on.

A while ago, I listened to Floss Weekly interviewing Eric Jung from the Foxy Proxy project. During the interview, his involvement with a free and open source project called Password Maker was mentioned. Password Maker works by generating a cryptographic hash of both the domain of the website you’re logging into and a master password of your choosing. Thus creating a different piece of pseudo-random text for every website you use. There are lots more settings so that you can finely tune what goes into the password, but don’t worry about those just now.

To put is simply, you never have to find or recover your passwords, because they’re never stored, they’re just generated for you when you need access to them.

The best way to use Password Maker is in the form of a Firefox add-on. However, if you’re away from home, or whatever, there is an on-line version and a mobile browser version, which you can even install on your own website, if you have one. This best security aspect of this is that your master password isn’t stored, and the hashing algorithm is already open, so there’s nothing to hack.

If any one of your site passwords are compromised, it is easy to create a new one by using a new master password. Furthermore, so that you’re not having to remember different master passwords for different sites, I would take one compromised password as an excuse to change ALL of your passwords. Changing your passwords is inconvenient when you have a lot of accounts on the web, but Password Maker makes it easier to get into the habit, especially with the Firefox add-on.

The recent news pushed me into finally doing this, although I had been putting it off due to  the fear of trying to make it work with my mobile browser. Although thanks to Opera Mini 5 now supporting text selection and tabbed browsing. This makes the mobile browser version a viable method for advanced password management on your phone.

Share this post

0
 Stumbleupon Delicious

Leave a Reply