Difference between revisions of "Introduction"

From PasswordMaker
Jump to navigationJump to search
 
(62 intermediate revisions by 17 users not shown)
Line 1: Line 1:
== The Problem ==
+
==The Problem==
  
With the proliferation of online resources these days, you probably have many different usernames and passwords that you have to remember: banks, investment accounts, bill pay systems, credit card sites, email accounts, instant messenger accounts, photo sites, blogging tools - and countless others - all require a username and password to be able to access them. If you're like most people, you probably have only a few - or maybe just one or two - simple passwords you use for all of your accounts, because it's easier to remember just one or two than it is dozens. To make matters worse, the one or two passwords that you do use are probably fairly simple, like your dogs name, your birthday, or your spouse or child's name. The problem is, this is <b>''incredibly risky''</b>.
+
If you're like most people, you have a few passwords that you use over and over again on many different websites. You know this isn't secure, yet you do it anyway. Why? Because it's difficult to remember a unique password for each and every web site that requires one.
  
Maybe you do use unique passwords, and get around the problem of remembering them by saving them in your browser - which is very insecure - or by storing them in a spreadsheet or other file. Maybe you even use one of the many [http://en.wikipedia.org/wiki/Password_manager password managers] that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's, or a public internet terminal. You can't get to your passwords without carrying them around or [http://www.passwordsafe.com/ publishing them on the internet]. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And [http://www.passwordsafe.com/ publishing them on the internet?] Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database.
+
==Existing Solutions==
  
Ideally, you should use a unique, [http://en.wikipedia.org/wiki/Password_strength#Strong_passwords strong password] for each of your accounts - especially the ones that contain sensitive information, like your bank or your investment brokerage account - but what about all of your other accounts? They may not contain information that is quite as sensitive as your bank, but it is still your private information, and none of anyone else's business.
+
Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use [http://www.symantec.com/passwordmanager/ one] of the many [http://www.edash.com/gotpassword/gotpassword.shtml password managers] that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's computer, or a public internet terminal. You can't get to your passwords without carrying them around or [http://www.passwordsafe.com/ publishing them on the internet]. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And [http://www.passwordsafe.com/ publishing them on the internet]? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database (Like the LastPass break in of May, 2011 [http://blog.lastpass.com/2011/05/lastpass-security-notification.html LastPass Announcement]).
  
"But only a genius could memorize so many unique passwords!", you say? Well, read on...
+
==Our Solution==
  
== The Solution ==
+
PasswordMaker solves all of these issues. It is a small, lightweight, free, open-source tool for Internet Explorer, Firefox, Google Chrome, iPhone, Opera, PHP, Windows, OS/X, Linux, Flock, Yahoo! Widgets, Android, Python, and many other platforms & systems. It creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen. PasswordMaker has been around since about 2003 and so is a mature, stable, popular solution.
  
What if you could use passwords that are as unique as fingerprints for each and every one of your accounts, yet not have to remember them? PasswordMaker allows you to do just that. By using complex mathematical formulae, called [http://en.wikipedia.org/wiki/Hash_function hashing algorithms], PasswordMaker outputs the same unique passwords for you each and every time, provided you give it the same input. And these passwords ''are unique'' across the globe (providing they are of sufficient length).
+
==How It Works==
  
Don't write them down on sticky notes for others to find; no, PasswordMaker calculates them for you over and over again -- as needed -- without storing them so they can't be stolen. And if you use more than one computer (for example, one at work and one at home), it's child's play to synchronize them. There's even an [http://www.passwordmaker.org/passwordmaker.html on-line version] for times when you are at a public computer and can't install any software.
+
Warning - technical jargon in this section!
 +
 
 +
You provide PasswordMaker two pieces of information: a "master password" -- that one, single password you like -- and the [http://en.wikipedia.org/wiki/URL URL] of the website requiring a password. Through the magic of [http://en.wikipedia.org/wiki/Cryptographic_hash_function one-way hash algorithms], PasswordMaker calculates a [http://www.rsasecurity.com/rsalabs/node.asp?id=2176 message digest], also known as a [http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsch_key_vzqm.asp digital fingerprint], which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." <sup>[http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest 1]</sup>. In other words, if someone has one or more of your generated passwords, it is ''computationally infeasible'' for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers [[Media:ZBoxOpenJuly03.jpg|like this]] won't help!
 +
 
 +
==What About Portability?==
 +
 
 +
For times when you must use one of the rare platforms to which PasswordMaker hasn't been ported, or are using a system where you can't install any software, there's an [http://passwordmaker.sourceforge.net/passwordmaker.html online version] which mimics the extension and works in all web browsers new and old. No downloads or installations are required.
 +
 
 +
==Old Site==
 +
The old PasswordMaker website can be found [http://passwordmaker.sourceforge.net/ here]. Please note it is no longer maintained but is present for archival purposes.

Latest revision as of 20:55, 11 October 2013

The Problem

If you're like most people, you have a few passwords that you use over and over again on many different websites. You know this isn't secure, yet you do it anyway. Why? Because it's difficult to remember a unique password for each and every web site that requires one.

Existing Solutions

Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use one of the many password managers that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's computer, or a public internet terminal. You can't get to your passwords without carrying them around or publishing them on the internet. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And publishing them on the internet? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database (Like the LastPass break in of May, 2011 LastPass Announcement).

Our Solution

PasswordMaker solves all of these issues. It is a small, lightweight, free, open-source tool for Internet Explorer, Firefox, Google Chrome, iPhone, Opera, PHP, Windows, OS/X, Linux, Flock, Yahoo! Widgets, Android, Python, and many other platforms & systems. It creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen. PasswordMaker has been around since about 2003 and so is a mature, stable, popular solution.

How It Works

Warning - technical jargon in this section!

You provide PasswordMaker two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PasswordMaker calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." 1. In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!

What About Portability?

For times when you must use one of the rare platforms to which PasswordMaker hasn't been ported, or are using a system where you can't install any software, there's an online version which mimics the extension and works in all web browsers new and old. No downloads or installations are required.

Old Site

The old PasswordMaker website can be found here. Please note it is no longer maintained but is present for archival purposes.