From PasswordMaker

Revision as of 23:00, 30 August 2007 by Tanstaafl (Talk | contribs)
Jump to: navigation, search


The Problem

With the proliferation of online resources these days, most people have many different usernames and passwords that they have to remember: banks, investment accounts, bill pay systems, credit card sites, email accounts, instant messenger accounts, photo sites, blogging tools - and countless others - all require a username and password to be able to access them. Most people have only a few - sometimes just one or two - simple passwords they use for all of these accounts, because it's easier to remember just one or two than it is dozens. To make matters worse, the one or two passwords that they do use are usually very simple, like their dogs name, their birthday, or their wife or daughters name. The problem is, this is incredibly risky.

Ideally, you should use a unique, strong password for each of your accounts - especially the ones that contain sensitive information, like your bank or your investment brokerage account - but what about all of your other accounts? They may not contain information that is quite as sensitive as your bank, but it is still your private information, and none of anyone else's business.

"But only a genius could memorize so many unique passwords!", you say? Well, read on...

Existing Solutions

Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use one of the many password managers that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's, or a public internet terminal. You can't get to your passwords without carrying them around or publishing them on the internet. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And publishing them on the internet? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database.

The Solution

What if you could use passwords that are as unique as fingerprints for each and every one of your accounts, yet not have to remember them? PasswordMaker allows you to do just that. By using complex mathematical formulae, called hashing algorithms, PasswordMaker outputs the same unique passwords for you each and every time you provide it with the same input. And these passwords are unique across the globe (providing they are of sufficient length).

Don't write them down on sticky notes for others to find; no, PasswordMaker calculates them for you over and over again -- as needed -- without storing them so they can't be stolen. And if you use more than one computer (for example, one at work and one at home), it's child's play to synchronize them. There's even an on-line version for times when you are at a public computer and can't install any software.

PASSWORDMAKER solves all of these issues. It is a small, lightweight, free, extension for Firefox, Mozilla, Netscape, Flock, and Yahoo! Widgets which creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen.

How It Works

You provide PasswordMaker two pieces of information: a master password -- that one, favorite password you like -- and the URL of the website requiring a password (for internet applications without URLs, such as instant messaging, you can make up any URL you like; e.g., Through the magic of one-way hash algorithms, PasswordMaker calculates what is known as a digital fingerprint - or hash - which can then be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) does "not reveal anything about the input (your master password) that was used to generate it." [1] In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help! Other security features, such as PasswordMaker's ability to automatically insert generated passwords into web sites' password boxes, helps protect you from key-loggers and/or trojan horses that some Black Hats use to try to steal passwords. For more details, visit the FAQ.

What About Portability?

For times when you must use non-Firefox browsers or can't install Firefox extensions, there's an online version which mimicks the extension and works in all browsers new and old. No downloads or installations are required. Additionally, stand-alone versions for desktops, mobile phones, and PDAs are coming shortly.

Personal tools

Donations / Expenses