The trouble with secure passwords is that they’re hard to remember, and you should really use a different one for each site or application you use. One solution is to use randomly-generated strong passwords and store them in a password manager, like LastPass. Alternatively, you could use a password hashing tool to create a strong passwords for each of the sites you use from a master password in conjunction with a parameter.
You can quickly get an idea of how password hashing works by going to Hashapass. Enter a master password, then enter a parameter for the site/application you want to create the password for (for example, “gmail” or “hotmail”). The unique password is generated from the two phrases and will be very tough to crack. You don’t have to remember the tricky generated password — all you have to do is remember your master password and the parameter.
Going over to Hashapass every time you want to create or retrieve a password would be annoying, though — and also the generated passwords could use more characters. Fortunately, there are some browser extensions you can use instead. Steve Cooper’s Password Hasher is a Firefox add-on. It can generate hashed passwords on the fly, and allows you to specify options such as password length and whether it should use mixed case, which produces much stronger passwords than Hashapass. (Note that Password Hasher — like many add-ons — has not been updated to work with the Firefox 4 beta)
There’s also a port of Password Hasher available for Chrome, called Password Hasher Plus. It has all of the functionality of Password Hasher, plus it provides inline hashing within the password field — there’s no need to use a pop-up.
One major disadvantage of using a password hashing tool like these extensions is that if you’re on another computer you won’t be able to remember your passwords. Fortunately, you can use an online password hashing tool to retrieve hashed passwords.
How do you create strong passwords?
Related GigaOM Pro content (sub. req.): Report: The Real-Time Enterprise