Password Generator
This is a client-side javascript page to help generate unique, strong passwords.
The idea is that you have a single master-password,
and then passwords for individual sites are generated by combining each site name with the master password,
and then using a one-way hash (md5).
|
- choose a secret master password.
- enter the domain of a site you would like to generate a pw for.
do this in a consistent format, i recommend using just the last two words of the site URL,
eg for "http://www.foo.bar.com", just use "bar.com".
i also provide a little "url normalizer", which seems to work well too.
- click generate!
motivation
Monster.com was recently hacked for the second time, and user account IDs and passwords are now stolen.
Best practice is for sites to not store actual passwords in their database, but instead store one-way hashes,
and then compare incoming passwords against the hash. This is good because then if the data is stolen,
the thief doesn't have your password, just a hash of it. As a user, you can't always rely on web sites to
store your username and password securely, so the best practise for a user is to use a unique, unpredictable password
for every website. That way if/when a site gets hacked, the thief only has your password to that one site.
In practise, many people use just a handful of unique passwords across a wide array of sites, because it's a PITA
to use lots of unpredictable, unique passwords.
This page is an experiment at making it simpler to create unique unpredictable passwords.
The idea is that you think of a single master password, and that password is used as "salt" in a hashing of
a given site name, yielding a password which is predictable to you, but unpredictable to anyone else.
I'm sure there are applications to make this even easier, but i wanted to see how much hassle it is to do it this
somewhat manual but very simple way.
If you use this page, you might want to grab a copy of the source .html (this and this)
in case this site ever goes down!
|
|