
Summary:

One way to create strong passwords is to use randomly-generated phrases and store them in a password manager. Alternatively, you could use a password hashing tool to create passwords for each of the sites you use from a master password in conjunction with a parameter.

The trouble with secure passwords is that they’re hard to remember, and you should really use a different one for each site or application you use. One solution is to use randomly-generated strong passwords and store them in a password manager, like LastPass. Alternatively, you could use a password hashing tool to create strong passwords for each of the sites you use from a master password in conjunction with a parameter.

You can quickly get an idea of how password hashing works by going to Hashapass. Enter a master password, then enter a parameter for the site/application you want to create the password for (for example, “gmail” or “hotmail”). The unique password is generated from the two phrases and will be very tough to crack. You don’t have to remember the tricky generated password — all you have to do is remember your master password and the parameter.

Going over to Hashapass every time you want to create or retrieve a password would be annoying, though — and also the generated passwords could use more characters. Fortunately, there are some browser extensions you can use instead. Steve Cooper’s Password Hasher is a Firefox add-on. It can generate hashed passwords on the fly, and allows you to specify options such as password length and whether it should use mixed case, which produces much stronger passwords than Hashapass. (Note that Password Hasher — like many add-ons — has not been updated to work with the Firefox 4 beta.)

There’s also a port of Password Hasher available for Chrome, called Password Hasher Plus. It has all of the functionality of Password Hasher, plus it provides inline hashing within the password field — there’s no need to use a pop-up.

One major disadvantage of using a password hashing tool like these extensions is that if you’re on another computer you won’t be able to remember your passwords. Fortunately, you can use an online password hashing tool to retrieve hashed passwords.
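
A minimal sketch of the master-password-plus-parameter scheme described above, as an added example that is not the code of Hashapass, Password Hasher or any other tool named here. The construction (PBKDF2 stretching followed by HMAC expansion), the function name and the defaults are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Assumed character sets; the real tools define their own alphabets.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits


def derive_site_password(master, tag, length=16, mixed_case=True,
                         iterations=200_000):
    """Deterministically derive a per-site password from master + tag."""
    if not master or not tag:
        raise ValueError("master password and tag must be non-empty")
    if length < 1:
        raise ValueError("length must be at least 1")

    # Stretch the master password so every guess costs `iterations` hashes.
    # The tag acts as the salt, so each site gets an unrelated key.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              tag.encode("utf-8"), iterations, dklen=32)

    alphabet = LOWER + DIGITS + (UPPER if mixed_case else "")
    # Reject bytes above the largest multiple of len(alphabet) so that
    # reducing modulo the alphabet size does not favour some characters.
    limit = 256 - (256 % len(alphabet))

    chars = []
    counter = 0
    while len(chars) < length:
        # HMAC in counter mode turns the 32-byte key into as many
        # pseudo-random bytes as the requested length needs.
        block = hmac.new(key, counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        counter += 1
        for b in block:
            if b < limit and len(chars) < length:
                chars.append(alphabet[b % len(alphabet)])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs: same master, two different site tags.
    for site in ("gmail", "hotmail"):
        print(site, derive_site_password("correct horse battery", site))
```

Because the tag is usually guessable, the derived passwords are only as strong as the master password; the iteration count only raises the cost of each guess.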

How do you create strong passwords?


  1. What can I put into the Site Tag and Master Key fields so that it will generate a hash tag of 123456?

  2. This one is great! I can use this for all of my accounts, especially on my Facebook account. There are many hackers nowadays and I’m afraid that my account will be hacked just as what happened to my friend’s account.

  3. I’ve been using SuperGenPass.com for quite some time now and it’s great. I think it is better than Password Hasher in that its bookmarklet automatically uses the site’s domain name as the tag.

  4. [...] link: Use a Password Hasher to Generate More Secure Passwords Share and [...]

  5. 1password is the way to go.

    This scheme seems pretty dicey.

  6. And what do you know about the makers of those two add ins? It would be a great malware ploy to collect access names and passwords!

  7. There’s another one called PasswordMaker which appears to be more configurable and offers a Javascript version which can be run offline.

    PasswordMaker also has an Android app since you’ll probably need to enter those passwords on your mobile as well.

  8. That’s a great tool, thanks for sharing. I think I’ll give my friend a buzz about it so his site won’t get hacked the second time around.

  9. I agree this method would help to increase password security in the short term, but it’s still not a substitute for using a secure password. It’s feasible that a potential hacker could use the same hashing algorithm to generate their own set of hashed passwords based on common passwords and tag values; especially if the tag is as obvious as the site’s domain.

    1. That’s very true, Dave. But considering that many people don’t use secure passwords at all, it seems like an easy step to slightly better passwords, at least. A hashed password based on a common dictionary password+easy-to-guess tag is still going to be lots harder to crack than a simple dictionary-based password.

  10. Some Filipino IT make use of the Jejemon* translator (http://www.jejeschool.com) as a password generator.

    Jejemon is the sellout type of Leetspeak in the Philippines.

