After hearing about this password creator on a few different podcasts (Security Now, Diggnation), I thought I’d give this application (or bookmarklet, as it turns out) a try. Hey, if it’s good enough for Leo and Steve, why not me?
In short, it’s doing some clever math to come up with unique passwords for websites you visit, based on a master password (that you know, and is not stored) plus the website address. I won’t pretend to understand the math, but the calculations are supposed to be one way. In other words, even if someone knew the website address and the resultant password, they couldn’t arrive at your master password.
This seems quite handy for several reasons:
- One password (to rule them all!) that you have to remember, yet is unique to each site. In other words, even if someone cracks your password for one web site, that’s all they get – one site, not all the sites you may visit regularly.
- The resulting passwords are just gibberish, so they can’t be broken by a dictionary attack.
- If you need to change your password regularly (say, once per month), you just increment your master password by 1 character (say, add a 1, then a 2, and so on) at the end of the master password, thereby generating a new and unique password.
- Though I’ve not tried this yet, you can utilize the website (link is off to the left under Tech) on other computers to generate the password and get you logged in. Of course, an instance of Portable Firefox on a USB key may be the safest way to go about this.
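To make the "master password plus website address" idea concrete, here is an added sketch in JavaScript (Node.js); it is not part of the original post and not the bookmarklet's own code. The post does not say which calculation the tool uses, so PBKDF2-HMAC-SHA256, the iteration count, the output alphabet and the names `normalizeSite` and `sitePassword` are all assumptions chosen for illustration.

```javascript
// Added example; the KDF, iteration count and alphabet are assumptions,
// not the algorithm of the bookmarklet discussed in the post.
const { pbkdf2Sync } = require('node:crypto');

// Look-alike characters (0/O, 1/l/I) are left out.
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';
const ITERATIONS = 200000; // each guess at the master password costs this many HMAC rounds

// Reduce an address to its host name so that "https://www.example.com/login"
// and "example.com" produce the same password.
function normalizeSite(address) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(address);
  const url = new URL(hasScheme ? address : 'https://' + address);
  return url.hostname.toLowerCase().replace(/^www\./, '');
}

// Derive the site password; the master password is an input only and is never stored.
function sitePassword(master, address, length = 16) {
  if (typeof master !== 'string' || master.length === 0) {
    throw new Error('master password must be a non-empty string');
  }
  const site = normalizeSite(address); // the site name acts as the salt
  const bytes = pbkdf2Sync(master, site, ITERATIONS, length * 2, 'sha256');
  let password = '';
  for (let i = 0; i < length; i++) {
    // 16 bits per character keeps the modulo bias negligible.
    password += ALPHABET[bytes.readUInt16BE(i * 2) % ALPHABET.length];
  }
  return password;
}

// Constructed sample values.
const MASTER = 'correct horse battery staple';
console.log(sitePassword(MASTER, 'https://www.example.com/login'));
console.log(sitePassword(MASTER, 'example.org'));       // different site, different password
console.log(sitePassword(MASTER + '1', 'example.com')); // the "add a 1" rotation from the list
```

The derivation cannot be run backwards, but anyone holding a site address and its generated password can still test guesses at the master password offline. A long master password and a slow derivation are what keep that impractical.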
I’ve got it in limited use so far, but if my initial impressions hold up, this could be a very nifty way to manage passwords.
Posted by Patrick