
Everyone knows by now that you should use a unique password for every web site that requires one, and that those passwords should be tough to guess. But managing all of those passwords is tough, and it gets tougher if you’re a roaming web worker who might need account access from anywhere, across a variety of operating systems and browsers. PasswordMaker offers a unique way to solve this problem, by letting you remember a single password and generating all of the others for you.

PasswordMaker takes advantage of the power of a one-way algorithm to do this: a mathematical formula that always yields the same output when presented with the same input, but which is prohibitively hard to run in reverse. In the case of PasswordMaker, the inputs are your master password (a single strong password that, hopefully, you won’t write down anywhere) and the URL of the site you’re visiting (or any other text you choose). Given these inputs, PasswordMaker will generate the same password every time – and then it can copy it to the clipboard or auto-populate a login form for you.

The big attraction of PasswordMaker is that you’re not tied to a database of passwords stored on a single computer (or, worse, on the web somewhere). If you’re at a new computer, just install the software, remember your master password, and all of your other passwords are right there for you, waiting to be regenerated on demand.

Even better, the basic algorithm of PasswordMaker (which is open source, a good thing if you want to verify that the software isn’t doing anything nefarious with the information that you enter) has been ported to a variety of environments. You can use it as a Firefox add-in (I tested in Firefox 3, and it works fine), an Opera widget, a Windows desktop or command-line application, a Yahoo! widget, mobile and web editions, or a Mac widget. This makes passwords much more portable than any competing solution that I know.

PasswordMaker isn’t perfect for everyone. It lacks the advanced identity-management features of an application like 1Password. But for the web worker who wants to move to strong passwords, it’s an excellent choice.

  1. Mike,

    Thanks for the link and article about PasswordMaker, it is definitely a different way of creating and assigning passwords than what we are used to.

    On a similar topic, I posted about The Ultimate Guide for Creating Strong Passwords

    Ramesh
    The Geek Stuff

  2. I use roboform and it does the same thing.

  3. I actually love the RoboForm software myself. I use it all of the time and it takes all the menial everyday tasks that I have to perform on my computer daily and shortens them extremely! What once took me fifteen minutes to complete now takes me only one second because RoboForm does the same task with just one click. In fact I wrote a Report about a lot of RoboForm’s capabilities for use that aren’t even touched on in the User’s Manual for RoboForm. You can get that Report here:
    http://www.booksbonkers.com/TheRoboFormReport!.html

  4. I like the idea of ‘hash based passwords’. SuperGenPass did a great job popularizing this novel approach to passwords. Sadly there are several downsides to using Digest Passwords, including:

    1. It is impossible to have unique passwords for multiple accounts on the same domain. While this may seem alright at first glance, imagine having multiple GMail accounts, one for work and one for personal. You would not be able to share your work account’s password with your co-workers since it would be identical to your personal account password.

    2. It is impossible to change your password for a website without changing your main password. Changing this password breaks the fundamental benefit of only needing to remember a single password.

    3. Generated passwords only use characters and numbers. Any website or application that has specific password requirements (i.e. at least 1 symbol) will not allow the generated password.

    4. Most probably you will need to settle on a shorter length for the generated password (6-8 characters) to be acceptable by most of the websites. You can adjust the length of the password for each site, but SuperGenPass is not able to remember the length you chose.

    If you don’t mind these limitations, you can use 1Password in conjunction with SuperGenPass as 1Password’s built-in password generator allows you to create Digest passwords that are compatible with SuperGenPass. This allows you to get all the benefits of 1Password, while still being able to ‘remember’ your passwords using SuperGenPass.

  5. David makes some useful points to remember. However, the article is about PasswordMaker.

    That tool DOES overcome the limitations he lists.

    1) You can add a modifier or change the “URL” as it is only used to generate the PW AFAIK – the user name is also used in the pw creation anyway!

    2) You can use the modifier for this purpose (add mmyy for example) or use separate account groups

    3) PWM allows any character set to be specified

    4) You can use separate account groups. Most only use a subset of possibilities anyway.

    So PasswordMaker overcomes the issues that David listed.

    I know this is a late response but as this page turned up in a search on Google, I thought the info might be of use to others.

    Regards,
    Julian Knight
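
The derivation the article describes (master password plus site text in, the same password out every time) and the per-account variations raised in comments 4 and 5 (user name, modifier, character set, length), as an added sketch that is not PasswordMaker's own code. It uses PBKDF2-HMAC-SHA256 as a stand-in one-way function; the function name, field layout, character sets, iteration count and sample values are assumptions.

```python
import hashlib
import string

# Constructed character sets for this sketch (not PasswordMaker's presets).
ALNUM = string.ascii_letters + string.digits
ALNUM_SYMBOLS = ALNUM + "!@#$%^&*()-_=+"


def derive_password(master, site, username="", modifier="",
                    charset=ALNUM_SYMBOLS, length=16, iterations=100_000):
    """Derive a per-site password; same inputs always give the same output.

    Stand-in scheme (an assumption, not PasswordMaker's algorithm):
    PBKDF2-HMAC-SHA256 over the master password, salted with the site,
    user name and modifier.
    """
    if not master:
        raise ValueError("master password must not be empty")
    if len(set(charset)) != len(charset) or not 2 <= len(charset) <= 256:
        raise ValueError("charset needs 2 to 256 distinct symbols")
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [f.encode("utf-8") for f in (site, username, modifier)]
    salt = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    # Key stretching slows offline guessing of the master password if a
    # derived password leaks from a breached site.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=64)
    # Treat the 512-bit output as one integer and peel off base-N digits;
    # within the limits checked above the modulo bias is negligible.
    number = int.from_bytes(raw, "big")
    out = []
    for _ in range(length):
        number, index = divmod(number, len(charset))
        out.append(charset[index])
    return "".join(out)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    # Two accounts on the same domain get different passwords.
    print(derive_password(master, "mail.example.com", "work"))
    print(derive_password(master, "mail.example.com", "personal"))
    # Rotating one site's password: change the modifier, not the master.
    print(derive_password(master, "mail.example.com", "work", modifier="0125"))
    # A site that accepts only letters and digits, at most 8 characters.
    print(derive_password(master, "legacy.example.org", charset=ALNUM, length=8))
```

Nothing is stored by this scheme, so the modifier, character set and length chosen for each site have to be remembered or kept in a profile alongside it.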
