Search the Community

SuperGenPass (see second post for update) The above link gives you an easy tool for creating secure passwords, though they are only usable online. You provide a master password, and it will then take that, combine it with the domain of the site, and creates an md5 hash of it. You can select options like the case of the password (I don't see a reason to pick anything other than "mixed", unless the site specifically requires a certain case), the length, and several other things. It can generate your passwords online, or you can create a bookmarklet that will do the same thing for you, but not require the website. In either case, your information is not transmitted back to his (or any other) site. So, all you have to do to start using this today is: go to the site, find the "build your bookmarklet" section, look through the options (the default are fine, but I changed the generated length from the default of 8 to "ask each time", and the case to "mixed"; be careful changing the length, if you use different numbers on each site, you might forget what you used on a particular site!). Then hit the "Build Bookmarklet" button, and add the bookmarklet to your browser. I added it to the bookmarks toolbar so it's always a single click away. Who this will help: Anyone who uses the same password for every website. If you're already using different, secure passwords at each site, then more power to you (that is difficult; the more secure a password is can generally be linked to how random the password is--along with other things like length and what the set of characters used is--so if you're remembering multiple secure passwords, you've got a great skill!) How this will make you more secure: Using a single password everywhere is dangerous. With this tool, you are using a different, totally random password at every site you visit. They can't be reverse engineered, i.e., a hacker could not take your generated password and figure out your master password from it. What this does NOT do: - If your master password is compromised, your password can be compromised. Of course, a malicious user would still have to know that you used this particular generator.- If your physical machine is compromised, particularly with the bookmarklet, particularly if your master password is encoded in the bookmarklet (I changed it to ask each time), you are not safe. You can turn off the browser's automatic storing of passwords, but that could get very cumbersome. If you are extra-paranoid, you can change your master password at a certain interval. And, to be honest, it probably wouldn't hurt to do that anyway, even with the randomness of this. A nice feature of this particular generator is that it is available online. If you lose the bookmarklet, if you get a new computer, whatever, you can find it at that site. If you're even worried about the site going offline, you can (in theory, I didn't try this) store the page locally, burn it to a few CDs, and even store one in a safe deposit box. I don't think I'll go that far though. A note for IE users (note 4/14/2012: this may not apply to newer versions of IE, I'm not sure):