Slashdot Mirror

← Back to Domains

Domain: passwordmaker.org

Stories and comments across the archive that link to passwordmaker.org.

Comments · 48

  1. Re:Sigh. by KeithIrwin · · Score: 1 · on The Man Who Wrote the Password Rules Regrets Doing So (gizmodo.com)

    Use PasswordMaker. It does the same thing but with a master password added as well and you can customize the output alphabet.

  2. passwordmaker.org by in_ur_face · · Score: 1 · on Ask Slashdot: How Do You Manage Your Passwords?

    I use passwordmaker.org which doesn't require keeping anything in a database. It uses a master password combined with a URL to generate a one-way hash which you use as a password. There are browser extensions to make it easy to fill in passwords when logging in (they pre-fill the URL in for you). You can customize the password hash algorithm, character set to use, length of password, and also any prefix or suffix that is to be applied. Since many sites need a capital letter, a number, and a special character I have them static as a suffix to apply to the hash. With these settings it'll generate a password that meets 95% of the sites password requirements.

    http://passwordmaker.org/ is also free.

    Honestly, the harder part is now remembering the username for each site (usually email or a few variations of usernames). I keep a database of my usernames for each site in the cloud.

  3. Passwordmaker by Hobadee · · Score: 1 · on Yep, People Are Still Using '123456' and 'Password' As Passwords In 2014

    This is why I use PasswordMaker. I get a separate, secure password for every site, only have to remember a single password, (and a simple configuration) and don't have a list of passwords stored anywhere.

    I'm constantly advocating for it yet nobody ever listens to me...

  4. Re:A piece of paper in a drawer by geminidomino · · Score: 1 · on Ask Slashdot: How To Protect Your Passwords From Amnesia?

    For websites, at least, I've found that an algorithmic generator works a treat. PasswordMaker (for firefox) works like that, and is just stupidly easy to use in most cases. (It can get a little trickier when the passwords are "too strong" for a given idiot website, and the occasional dumb luck where the generated password manages to lack one of the "blessed sigils")

    Like all the "password database" programs and apps out there, it relies on remembering a "master password", but instead of storing the passwords, it uses the master password, url, etc... and generates an output string. It never gets stored, and unless it's one of those "special" cases I mentioned above, you don't even have to specifically create a record for it.

    Honestly, even more than ABE and NoScript, that's the one extension that's still got me stapled to Firefox.

    You could probably use the same technique for your other passwords (and I think there might even be smartphone apps that work similarly), but without the auto-generate/populate feature of the extension, it didn't take me long to decide that manually inputting 20-character 7-bit clean passwords was a bit too far from "convenient" for my taste

  5. Re:Right-o by Stalks · · Score: 1 · on 35,000 vBulletin Sites Have Already Been Exploited By Week Old Hole

    http://www.passwordmaker.org/ is what I actually use. It allows you to create per-site options if required.

  6. Re:Simple solution by Sqr(twg) · · Score: 3, Informative · on Secret Security Questions Are a Joke

    Or go to passwordmaker.org, and use the security question (all lower case and no punctuation) as URL and your own secret password. Set the character set to hex digits so that the answer is easy to read out over the phone.

  7. Re:gpg by Anonymous Coward · · Score: 0 · on Lessons Learned From Cracking 2M LinkedIn Passwords

    Personally, I use Password Maker, pretty simplistic and has browser/iPhone apps. The only issue if you do this is when you log into the presentation machine in your office and can't remember your password for your ticketing system during backlog grooming... But, there's always the web-based javascript version you can use :)

  8. Re:Ha! by TwinkieStix · · Score: 1 · on How Many Seconds Would It Take To Crack Your Password?

    This is similar to how passwordmaker works. It hashes the website URL with your master password and provides a bunch of other salting and hashing choices.
    http://passwordmaker.org/

  9. Already Exists: http://passwordmaker.org/ by JakFrost · · Score: 5, Informative · on Google Working On Password Generator For Chrome

    Already Exists: http://passwordmaker.org/
    Google Chrome: http://passwordmaker.org/Google_Chrome

    The Problem

    If you're like most people, you have a few passwords that you use over and over again on many different websites. You know this isn't secure, yet you do it anyway. Why? Because it's difficult to remember a unique password for each and every web site that requires one.
    Existing Solutions

    Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use one of the many password managers that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's computer, or a public internet terminal. You can't get to your passwords without carrying them around or publishing them on the internet. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And publishing them on the internet? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database (Like the LastPass break in of May, 2011 LastPass Announcement).

    Our Solution

    PasswordMaker solves all of these issues. It is a small, lightweight, free, open-source tool for Internet Explorer, Firefox, Google Chrome, iPhone, Opera, PHP, Windows, OS/X, Linux, Flock, Yahoo! Widgets, Android, Python, and many other platforms & systems. It creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen. PasswordMaker has been around since about 2003 and so is a mature, stable, popular solution.
    How It Works

    Warning - technical jargon in this section!

    You provide PasswordMaker two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PasswordMaker calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." 1. In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!

    What About Portability?

    For times when you must use one of the rare platforms to which PasswordMaker hasn't been ported, or are using a system where you can't install any software, there's an online version which mimics the extension and works in all web browsers new and old. No downloads or installations are required.

  10. Already Exists: http://passwordmaker.org/ by JakFrost · · Score: 5, Informative · on Google Working On Password Generator For Chrome

    Already Exists: http://passwordmaker.org/
    Google Chrome: http://passwordmaker.org/Google_Chrome

    The Problem

    If you're like most people, you have a few passwords that you use over and over again on many different websites. You know this isn't secure, yet you do it anyway. Why? Because it's difficult to remember a unique password for each and every web site that requires one.
    Existing Solutions

    Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use one of the many password managers that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's computer, or a public internet terminal. You can't get to your passwords without carrying them around or publishing them on the internet. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And publishing them on the internet? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database (Like the LastPass break in of May, 2011 LastPass Announcement).

    Our Solution

    PasswordMaker solves all of these issues. It is a small, lightweight, free, open-source tool for Internet Explorer, Firefox, Google Chrome, iPhone, Opera, PHP, Windows, OS/X, Linux, Flock, Yahoo! Widgets, Android, Python, and many other platforms & systems. It creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen. PasswordMaker has been around since about 2003 and so is a mature, stable, popular solution.
    How It Works

    Warning - technical jargon in this section!

    You provide PasswordMaker two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PasswordMaker calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." 1. In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!

    What About Portability?

    For times when you must use one of the rare platforms to which PasswordMaker hasn't been ported, or are using a system where you can't install any software, there's an online version which mimics the extension and works in all web browsers new and old. No downloads or installations are required.

  11. Re:Pwdhash by pugugly · · Score: 1 · on Ask Slashdot: Changing Passwords For the New Year?

    http://passwordmaker.org/ is something of the same concept (And has a Firefox Plugin); Create a master password, pick password requirements (Legit characters/length) and a hash algorithm and it genarates a unique password for every website.

    I don't worry so much about changing them; I've upgraded them to 16 characters which is sufficient for practical purposes for the foreseeable future.

    Pug

  12. Re:My account was among those compromised. by Just+Some+Guy · · Score: 1 · on Valve Announces Massive Steam Server Intrusion

    I was thinking of something simpler such as "echo MyPassword69! slashdot.org|md5sum" and then "aaa53a64cbb02f01d79e6aa05f0027ba" using that as my password since many sites will take 32-character long passwords or they will truncate for you. More generalized than PasswordMaker and easier to access but no alpha-num+symbol translation and only (32) 0-9af characters but that should be random enough, or you can do sha1sum instead for a little longer hash string.

    DO NOT DO THIS. I don't mean this disrespectfully, but you don't know what you're doing. That's OK! People not named "Bruce" generally suck at secure algorithms. Crypto is hard and has unexpected implications until you're much more knowledgeable on the subject than you (or I) currently are. For example, suppose that hypothetical site helpfully truncates your password to 8 chars. By storing only 8 hex digits, you've reduced your password's keyspace to just 32 bits. If you used an algorithm with base64 encoding instead, you'd get the same complexity in only 5.3 chars.

    Despite what you claim, you're really much better off using a secure storage app that generates truly random passwords for you and stores them in a securely encrypted file. In another post here I mention that I use 1Password, but really any reputable app will get you the same protections. Your algorithm is a "security by obscurity" system; if someone knows your algorithm, gaining your master password gives them full access to every account you have. Contrast with a password locker where you can change your master password before the attacker gets access to the secret store, and in the worst case scenario provides you with a list of accounts you need to change.

    I haven't used PasswordMaker but I'd apply the same criticisms to them. If an attacker knows that you use PasswordMaker, they can narrow down the search space based on the very few things you can vary:

    • URL (the attacker will have this)
    • character set (dropdown gives you 6 choices)
    • which of nine hash algorithms was used (actually 13 - the FAQ is outdated)
    • modifier (algorithmically, part of your password)
    • username (attacker will have this or can likely guess it easily)
    • password length (let's say, likely to be between 8 and 20 chars, so 13 options)
    • password prefix (stupid idea that reduces your password's complexity)
    • password suffix (stupid idea that reduces your password's complexity)
    • which of nine l33t-speak levels was used
    • when l33t-speak was applied (total of 28 options: 9 levels each at three different "Use l33t" times, plus "not at all")

    My comments about the modifier being part of your password? Basically you're concatenating those strings together to create a longer password in some manner. There's not really a difference, and that's assuming you actually use the modifier.

    So, back to our attack scenario where a hacker has your master password, username, and a URL they want to visit: disregarding the prefix and suffix options, they have 6 * 13 * 13 * 28 = 28,392 possible output passwords to test. That should keep them busy for at least a minute or two. Oh, and when you've found out that your password is compromised? Hope you remember every website you've ever used PasswordMaker on!

    Seriously, please don't do this stuff. I'd much rather see you using pwgen to create truly random passwords and then using something like GnuPG to store them all in a strongly-encrypted file.

  13. My account was among those compromised. by JakFrost · · Score: 5, Interesting · on Valve Announces Massive Steam Server Intrusion

    Got hit with this one!

    On the morning of Nov 7th I started getting e-mails from Steam Support with confirmation codes when someone was trying to change my password and e-mail. Reinstalled Steam after a year or more of non-usage only to find that someone has been playing TeamFortress 2 on it, the same day. Changed my passwords. That evening received a number of angry e-mails from a Russian guy ( [www.crazy_denis@mail.ru]) demanding that I put the passwords back so he can use the account he bought and paid for. Used Google Translate into Russian sometimes Ukrainian to string him along through 12 short e-mails and got him to reveal and confirm that he actually had my username and password in clear text. Opened up a support case with Steam and forwarded the entire e-mail chain to them to start investigating. Got a form letter back, replied again asking them to check their systems for intrusion... today Slashdot story breaks about Steam being compromised. I wasn't the only one I guess!

    PasswordMaker - Storage-less and per-site unique hash based password scheme

    Changing all my passwords now to a PasswordMaker scheme for unique passwords for every single site based on a storege-less system that uses a master password + URL + other info you choose -> MD5 sum -> alpha-numeric symbols -> length limit to generate a unique password for every site and account based off your own single or multiple master passwords. You have to remember your own password and the settings you used and generate the same password every time that is unique and there is no secret data file to steal from you or for you to lose on a USB disk or upload to the net. This way your password is already hashed when you submit it to a site, it is unique per site, you don't have to store a list of passwords in any file, and you can regenerate your password on any browser, mobile phone, programming language since this app has been ported to practically everything.

    I was thinking of something simpler such as "echo MyPassword69! slashdot.org|md5sum" and then "aaa53a64cbb02f01d79e6aa05f0027ba" using that as my password since many sites will take 32-character long passwords or they will truncate for you. More generalized than PasswordMaker and easier to access but no alpha-num+symbol translation and only (32) 0-9af characters but that should be random enough, or you can do sha1sum instead for a little longer hash string.

    Here's the conversation for all of you.

    From: [mailto:www.crazy_denis@mail.ru]
    Sent: Monday, November 07, 2011 11:03 PM

    Crazy Denis: You bitch Give me my account is steam which I bought yesterday! will not come back you will have problems moshenik fucking

    JakFrost: I would kindly suggest you go and get another account from the source before you lose more than just money. To understand each.

    Crazy Denis: How do I get another account?

    JakFrost: Ask a guy who you got this one and get another one. This account is off limits.

    Crazy Denis: I wrote to him he was going to do nothing to write tehpoderzhku said there had already written an answer waiting for 24 hours
    damn well bring back pliz account you do what it's worth it

    JakFrost: What's the password for that account so that I could find one for you?

    Crazy Denis: Login: MyUsername Password: ********

    JakFrost: (No Reply)

    Crazy Denis: Well, I found?

    JakFrost: That is correct user name and password, but that account is currently blocked by Steam support of a security breach. I can not use it either, so it ruined for us both.

    Crazy Denis: Yes, all right there!, Today began to go wrong is led pishel password or an account is not suschustvuet

    JakFrost: I do not know, I get an error that the password is incorrect or the account has not been found.

    Crazy Denis: A registered on your soap the same account?

    JakFrost: No, it does not work.

    Crazy Denis: clear, damn well feel sorry for you and I were left wi

  14. Well.. by danielpublic · · Score: 4, Informative · on The Best Unknown Open Source Projects

    I'd say RepRap. Not that it is "unknown", but strange it is not mentioned all that often when one thinks about from that first blogpost in -05 and what have happened since. Especially these days when you can get the plasticparts (clonedel), stepper motors on ebay and a small drillpress for cheaps. Not to mention tiny "one board", easy to solder through hole solutions like Sanguinololu.

    Passwordmaker generates ditto for all my internets accounts, pinpadlocks etc. Runs on whatever you throw it at, as javascript, android, crapple, N900 (Thanks George (caco3)!), as CLI. Portable to say the least, mature and of course secure to the extent of what cards you got up your sleeve.

    I use Zim to organize everything these days! It's stays out of your way and doesn't complicate things. It uses textfiles as database, which is really nice as you get access to your stuff quickly through a terminal for example. Ok, sure I long for the day that it gets say a Couchdb-plugin...

    Redshift safes my eyes from getting cooked. I have yet to download that maemosandbox and compile it for my N900 though. There was a new release a few days ago btw, some new fine functions and not "just" bugfixes!

  15. Well.. by danielpublic · · Score: 4, Informative · on The Best Unknown Open Source Projects

    I'd say RepRap. Not that it is "unknown", but strange it is not mentioned all that often when one thinks about from that first blogpost in -05 and what have happened since. Especially these days when you can get the plasticparts (clonedel), stepper motors on ebay and a small drillpress for cheaps. Not to mention tiny "one board", easy to solder through hole solutions like Sanguinololu.

    Passwordmaker generates ditto for all my internets accounts, pinpadlocks etc. Runs on whatever you throw it at, as javascript, android, crapple, N900 (Thanks George (caco3)!), as CLI. Portable to say the least, mature and of course secure to the extent of what cards you got up your sleeve.

    I use Zim to organize everything these days! It's stays out of your way and doesn't complicate things. It uses textfiles as database, which is really nice as you get access to your stuff quickly through a terminal for example. Ok, sure I long for the day that it gets say a Couchdb-plugin...

    Redshift safes my eyes from getting cooked. I have yet to download that maemosandbox and compile it for my N900 though. There was a new release a few days ago btw, some new fine functions and not "just" bugfixes!

  16. Yes, yes... by danielpublic · · Score: 1 · on Brute-Force Password Cracking With GPUs

    "Omg, what am I going to do about my eight char password I use half across the Internets?"

    Well...
    One could print out a passwordcard.
    Then one might start using passwordmaker, to whatever phone/OS one fancy. By which time one (sh/c)ould check if ones passwords are long enough and while this "one" is at it, have a look at these tricks from an almost "tl;dr-ish" list. Now, apply elbow grease and a bit of go figure. "Problem solved? Moving on?"

    Oh, who am I kidding? Then all those (fear) mongering polemics would have to starve and we cant have that now can we? *fancifying tinfoilhat*

  17. Yes, yes... by danielpublic · · Score: 1 · on Brute-Force Password Cracking With GPUs

    "Omg, what am I going to do about my eight char password I use half across the Internets?"

    Well...
    One could print out a passwordcard.
    Then one might start using passwordmaker, to whatever phone/OS one fancy. By which time one (sh/c)ould check if ones passwords are long enough and while this "one" is at it, have a look at these tricks from an almost "tl;dr-ish" list. Now, apply elbow grease and a bit of go figure. "Problem solved? Moving on?"

    Oh, who am I kidding? Then all those (fear) mongering polemics would have to starve and we cant have that now can we? *fancifying tinfoilhat*

  18. Re:why no one time pad with index lookup by pugugly · · Score: 1 · on Google Adds Two-Factor Authentication To Gmail

    http://passwordmaker.org/ does exactly that - generates a password of specified size and character mix based on a Domain+MasterPassword Hash; Out of all the sites I use there are only maybe four that the generated password isn't suitable out of the box, and most of those involve adding a number or symbol at the end.

    Pug

  19. Re:They are 'anonymising' the data then selling it by Sonny_Jimbod · · Score: 2, Interesting · on TACO Extension for Firefox Forked After Proprietary Update

    It gets worse, check this page out: http://forums.passwordmaker.org/index.php/topic,1654.0.html Surely it's a massive conflict of interest for Eric Jung to be a board member of the Mozilla Add-ons governing board and to be actively working on an Add-on, especially one like this?

  20. Re:Why does password strength matter? by sildur · · Score: 1 · on Analysis of 32 Million Breached Passwords

    Try PasswordMaker. There is a firefox addon also.

  21. PasswordMaker by fialar · · Score: 1 · on Best Tool For Remembering Passwords?

    http://www.passwordmaker.org/
    All you have to remember is a master password. It will generate secure passwords for you depending on the "note text" you enter (whether it's a domain or something else.)

    Has a firefox extension, but also a CLI / PHP / Java version, so you can use it on anything.

  22. Re:Devise a scheme of your own by pugugly · · Score: 1 · on Best Tool For Remembering Passwords?

    That was what I was going to suggest. Passwordmaker has a Firefox Plugin, an Online Version (although you still need to remember your Master password and settings - Mine aren't the defaults obviously) and of course a downloadable Javascript implementation.

    As long as your master password and settings are secure (I'm a bad person, I have my master password saved. It's in a truecrypt volume (with my entire FF profile), but still), you should be secure against any reasonable attack. My biggest problem is websites that either don't accept a genuinely secure password, or one that have password complexity requirements that the particular hash of master password and domain name doesn't quite match, but those are rare.

    Pug

  23. Re:Devise a scheme of your own by pugugly · · Score: 1 · on Best Tool For Remembering Passwords?

    That was what I was going to suggest. Passwordmaker has a Firefox Plugin, an Online Version (although you still need to remember your Master password and settings - Mine aren't the defaults obviously) and of course a downloadable Javascript implementation.

    As long as your master password and settings are secure (I'm a bad person, I have my master password saved. It's in a truecrypt volume (with my entire FF profile), but still), you should be secure against any reasonable attack. My biggest problem is websites that either don't accept a genuinely secure password, or one that have password complexity requirements that the particular hash of master password and domain name doesn't quite match, but those are rare.

    Pug

  24. PasswordMaker by TwinkieStix · · Score: 1 · on Best Tool For Remembering Passwords?

    PasswordMaker is a great way to hash a master password with the URL of the website you are visiting. You only need to remember one or a few master passwords and have access to PasswordMaker. Passwordmaker supports several different hashing algorithyms as well as lots of other options, so you can customize the security of your passwords.

    There's a firefox extension:
    https://addons.mozilla.org/en-US/firefox/addon/469

    There's an open source javascript passwordmaker for when you are on the road, it runs completely client side - and you can self-host it if you are paranoid:
    http://passwordmaker.org/passwordmaker.html

    And, theres an Android app in the Market as well.

  25. Re:How to secure against this by Natales · · Score: 1 · on Password Hackers Do Big Business With Ex-Lovers

    That's exactly how PasswordMaker works. Simple and clever, and a remarkable improvement over the way people do passwords any way.

  26. Re:Just pointing out the obvious by KeithIrwin · · Score: 1 · on Poor Passwords A Worse Problem Than Poor Antivirus

    Well, for the ones which you can't change the password for, you should probably just write those down and then secure the piece of paper in a locked box. For the ones which you can change the password for, you should use PasswordMaker. It takes in a URL string and a master password and uses that to generate a site-specific password. Just make up an appropriate URL for the different accounts (it doesn't have to be real, just memorable). And I know you're going to say "but I can't install software". There's a javascript version, so all you have to do is to download a web page to your desktop and then open it.

  27. Re:Maybe not such a good idea... by KeithIrwin · · Score: 3, Insightful · on Poor Passwords A Worse Problem Than Poor Antivirus

    I use PasswordMaker for website passwords (as everyone should) with a 16 character password length. I've probably run into a half dozen sites which have silently removed the last 4 or 8 characters, cutting it down to 8 or 12 characters. I've also run into several which strip out "special" characters (single or double quotes, slashes, spaces, parentheses, or whatever else they feel threatened by) in an asymmetric manner. That is, they remove them from the password before they store it in the database but not when you type it in or vice versa. It's a real pain.

    I've also had other sites which simply reject my password because of excessive length or because it contains "special" characters. Any place which can't accept any password I give them is doing a terrible job of securing their users accounts.

  28. Re:Aggressive Social Sites by geminidomino · · Score: 1 · on Social Search Reveals 700 Comcast Customer Logins

    But I wish there was an easier way.

    If you use firefox, there is.

    Ask and ye shall receive.

  29. Re:Still waiting for adblock :( by geminidomino · · Score: 1 · on 2.0 Beta Chrome On Windows, Chromium On Linux

    Agreed, except I need ABP and PasswordMaker...

    I think I'm going to be stuck with the firefox crapfest for awhile. :(

  30. Re:From the hash-based-passwords dept.? by deroby · · Score: 1 · on Safari and Chrome: Tied For the Worst Password Manager

    sounds a lot like this plugin : http://passwordmaker.org/

    (off course, that's only based on your explanation and the little I know about how passwordmaker works. This being slashdot I clearly didn't read the website you refer too, nor the help that came with passwordmaker, no siree !)

  31. Re:I know why... by TimeTraveler1884 · · Score: 2, Interesting · on Google's Chrome Declining In Popularity

    That and I can't get into any of my accounts easily without passwordmaker integrated to generate my SHA256 based passwords.

  32. Re:Plaintext passwords? by geminidomino · · Score: 1 · on Changing Customers Password Without Consent

    Do you actually do that by hand?

    Password Maker works exactly the same way.

  33. Re:Plaintext passwords? by FlyveHest · · Score: 1 · on Changing Customers Password Without Consent

    You could use the excellent PasswordMaker extension, that does just that, with added bells and whistles. (Individual site rules, character-set etc)

    http://passwordmaker.org/

    Btw, I have nothing to do with the project, just a very happy user.

  34. Re:Use the Secure Login FF Extension by CopaceticOpus · · Score: 1 · on Holes Remain Open in Firefox Password Manager

    I also suggest using Password Maker to generate unique passwords for you. I don't even know the passwords to the websites I visit any more, I simply have them generated from one core password.

    You could use this extension by itself or combine it with the Secure Login extension.

    http://passwordmaker.org/

  35. Password Maker plug contained within by Glytch · · Score: 1 · on Holes Remain Open in Firefox Password Manager

    I'd like to plug Password Maker. It's under the LGPL license. It creates a per-site password using the site's domain name and a passphrase of your choosing as seeds. All the advantages of a password manager, strong passwords, and different passwords for different accounts without actually having to store anything on disk or remembering more than one passphrase. Since by default there's no password stored on disk (and the extension will specifically warn against doing this if you change that setting), there's nothing for password-stealing javascript exploits to get.

    Because of the hash that's used, it doesn't work on sites that require alphanumeric passwords, but any site with that idiotic requirement has serious security issues anyway.

  36. Re:Hiding by AKAImBatman · · Score: 3, Informative · on Memory Tools for Password Management?

    Until the site with the hashing algorithm you're using goes offline.

    So get a downloadable version and back it up. ;-)

    The online version is common because these passwords are for websites. So making a web-enabled version is a no-brainer. But the algo is so straightforward that it was pretty easy for the guys who made it to port it to different platforms.
  37. Re:Hiding by AKAImBatman · · Score: 4, Informative · on Memory Tools for Password Management?

    Use an MD5 password generator. You can use the same password across sites, but it won't get compromised. Ever. There are a few sites like these that can help you generate these passwords:

    http://passwordmaker.org/
    http://angel.net/~nic/passwdlet.html
    http://www.xs4all.nl/~jlpoutre/BoT/Javascript/Pass wordComposer/

  38. Re:So be smart, don't use the same by Greyfox · · Score: 2, Informative · on Is Flixster Using Deceptive Viral Practices?

    I thought technology should be able to solve this problem. A quick google search turns up The Firefox Password Maker Plugin. Looks like it'll generate secure unique passwords that you don't even have to know to use a given service, and control them all with a master password.

  39. Re:Plug-ins by geminidomino · · Score: 1 · on Firefox Creator No Longer Trusts Google

    I can't speak for GP, but I just looked at opera since I'm getting tired of FF's crap performance. The two deal-breakers.

    1. No extensions means no Password Maker . The non-integrated versions don't work so well in comparison.

    2. Opera9's "content" blocking sucks. No way I could find to block iFrames, for example, other than reading the source and manually trying to enter it.

    If not for those two issues, I'd switch now. Hell, Opera even has a portable app version now.

  40. Re:No way! by itlurksbeneath · · Score: 1 · on The Case for OpenID

    There's always the downloaded version.

  41. Re:No way! by itlurksbeneath · · Score: 1 · on The Case for OpenID

    Oops.. foobared the link. PasswordMaker

  42. passwordmaker by yulek · · Score: 1 · on Firefox 2.0 Password Manager Bug Exposes Passwords

    better than any password manager: http://www.passwordmaker.org/

  43. Re:Use a different password on every site! by Anonymous Coward · · Score: 1, Informative · on Freenode Network Hijacked, Passwords Compromised?

    Here you go:
    http://passwordmaker.org/

  44. Re:the trick... by 6*7 · · Score: 1 · on The Unspoken Taboo - The Never Expiring Password

    Exactly, all you need is a master "password": a way to generate "random" passwords.

    http://passwordmaker.org/ is a good example of this. It comes in the form of plugins or a standalone application.

    (I thought I posted on this already but I guess I forgot to hit submit)

  45. Why? by mboverload · · Score: 3, Insightful · on MD5 Collision Source Code Released

    Why not just use 2 different algorithms? Yes, it's possible. Or hell, use 3. Can some one tell me why not this isn't a standard practice? Even if one has a weakness, you still have the other to back it up

    I use HMAC-SHA-256 with PasswordMaker.

    https://passwordmaker.org/passwordmaker.html

  46. Password Maker by yulek · · Score: 1 · on Too Many Passwords

    i just started using PasswordMaker a few days ago and it's very cool. the only thing i don't like about this kind of solution is that if you somehow compromise your master password you've got to go and change ALL of your passwords.

    the firefox extension for PM is very nice.

  47. Re:Password algorithm by Anonymous Coward · · Score: 0 · on Coping with the Avalanche of IDs and Passwords?

    PasswordMaker http://passwordmaker.org/ gets around this by adding 10-15 other user-defined variables to the password=master+url formula. A brute-force attacker would have to know how you've configured these other variables, otherwise the search space becomes huge.

    Some of the variables are: character set used to encode the hash value, l33t-speak level (if any), when l33t-speak was applied, which of 9 hash algorithms did you use?, date counter, username (added to the formula so you can have multiple accounts at gmail.com, for example), password length, password prefix, password suffix.

    Best of luck cracking that with brute force, my friend.

  48. Password Maker by utopicillusion · · Score: 1 · on Coping with the Avalanche of IDs and Passwords?

    How about a Firefox extension...Password Maker http://passwordmaker.org/. I think this would work just fine!