Domain: pwdhash.com
Stories and comments across the archive that link to pwdhash.com.
Comments · 10
-
Re:Use an Algorithm
or just use pwdhash https://www.pwdhash.com/. There is firefox and Chrome addons
-
Re:Yet another reason to use a variety of password
Yep, I love pwdhash. It's portable without worrying about leaving a password database on a thumbdrive or in the cloud, it can generate long, site-unique passwords while using the same base password. Pwdhash is pretty nice in that it is sensitive to stupid websites that don't allow special characters, too - if you put a special in the password you supply, it very likely (but not necessarily) include one in the password it generates. If you don't put specials in the user-supplied portion, the output is just alphanumeric. Of course, there are still the stupid websites that want passwords to be 12 characters or less, and/or have to start with a letter, and/or other asinine rules. A downside though is that there is a maximum length for the passwords pwdhash generates, 22 chars if I remember correctly, but at this point, I don't think that's really an issue.
Still don't recommend actually using the same base password for everything, of course.
The other cool thing about pwdhash (and potentially, similar services too) is that they don't have to be used on websites. You can use it to generate passwords for, say, your wireless. Do something like the SSID in place of the website, then supply your part of the password.
-
Re:A great reminder?
You're welcome!
-
pwdhash FTW
One very good solution is to use pwdhash:
https://www.pwdhash.com/You can install it as a local plugin for Firefox or as bash/ruby scripts on your computer.
You only need to remember one strong master password, and forget about the rest.You get something like this, depending on domains (no phishing!) & the length of your master password:
+1xhTRy7T for ebay.com
fRrL2nI7+ for amazon.com
TYZyfI0u+ for facebook.com
3yL+WQBF7 for skype.com
+KwIr4FId for delicious.comEnjoy!
-
Re:Torn
I like SuperGenPass. It never actually saves a copy of your passwords, it algorithmically generates them from the site's domain name and your master password.
I like this approach. Is this similar to Stanford's PwdHash bookmarklet? I've never heard of SuperGenPass or its author before. Here's a caution about not using it on pages you don't trust: http://akibjorklund.com/2009/supergenpass-is-not-that-secure
PwdHash online version: https://www.pwdhash.com/
Firefox add-on: https://addons.mozilla.org/en-US/firefox/addon/1033/) -
PwdHashhttps://www.pwdhash.com/
Available in three ways:- Online at the above address -- works with any browser that supports JavaScript.
- As a plugin for FireFox (and beta plugins for other browsers): Press F2 or type @@ at the beginning of a text field for the plugin to kick in.
- As a webpage (the one at https://www.pwdhash.com/ )with JavaScript code that you can store on disk and open in any browser.
Constructs a one-way hash of
- the password entered in a password (or other text) field, and
- the domain name of the site where the password is used (both these can be entered manually in methods 1 and 3)
to get a domain-specific password. Memorize one strong password and use this utility to get distinct passwords for each domain. The generated passwords are (usually) complicated enough to pass any conceivable non-triviality test.
-
PwdHashhttps://www.pwdhash.com/
Available in three ways:- Online at the above address -- works with any browser that supports JavaScript.
- As a plugin for FireFox (and beta plugins for other browsers): Press F2 or type @@ at the beginning of a text field for the plugin to kick in.
- As a webpage (the one at https://www.pwdhash.com/ )with JavaScript code that you can store on disk and open in any browser.
Constructs a one-way hash of
- the password entered in a password (or other text) field, and
- the domain name of the site where the password is used (both these can be entered manually in methods 1 and 3)
to get a domain-specific password. Memorize one strong password and use this utility to get distinct passwords for each domain. The generated passwords are (usually) complicated enough to pass any conceivable non-triviality test.
-
Re:His Password Comment
PwdHash: https://addons.mozilla.org/en-US/firefox/addon/1033
Based on work from https://www.pwdhash.com/ or http://crypto.stanford.edu/PwdHash/ -
Re:OK, so we have a plug-in..
Check out the Stanford password hash ("PwdHash") program. It already does what you want, complete with extensions for Firefox and IE:
https://www.pwdhash.com/ or http://crypto.stanford.edu/PwdHash/
https://addons.mozilla.org/en-US/firefox/addon/1033
When away from your computer, you can use their website (or a copy of their code on your website) to generate the hashed passwords. -
Re:[Slightly OT] Phishing -- a partial solution
No. If you are in a place where you can't use the extension (cybercafe, someone else's computer, etc.), you can go to http://www.pwdhash.com/ and generate it there. You can also get it as a bookmarklet instead of an extension, BTW.