Comments on: Passwords

By: Please stop using the same passwords!!! : alexking.org

Please stop using the same passwords!!! : alexking.org — Fri, 23 Mar 2012 21:53:29 +0000

[...] strongly agree and have made the same argument numerous times (though haven’t actually done any [...]

By: Passwords (I told you so) | alexking.org

Passwords (I told you so) | alexking.org — Mon, 13 Dec 2010 19:24:34 +0000

[...] is one of those situations where it’s no fun to be [...]

By: Around the web | alexking.org

Around the web | alexking.org — Mon, 05 Jan 2009 08:39:48 +0000

[...] Now they just sold all the data. – FriendFeed – also another reason why you should care about your [...]

By: Air Install List | alexking.org

Air Install List | alexking.org — Sat, 21 Jun 2008 00:09:03 +0000

[...] – I’ve talked about this at [...]

By: Alex

Alex — Thu, 18 Oct 2007 14:15:30 +0000

marco – Perhaps you should read the PwdHash documentation more closely.

By: marco

marco — Thu, 18 Oct 2007 09:48:39 +0000

am just wondering what happens if the mail provider is changing the login address

from http://mail.domain.com to maybe http://mail2.domain.com

especially when i don’t remember the former URL.. i’ll never be able to login again, right?

By: Switching to Firefox | alexking.org

Switching to Firefox | alexking.org — Wed, 18 Apr 2007 19:21:29 +0000

[...] doing very well, I finally decided to switch to Firefox in order to use the PwdHash extension (as previously [...]

By: Kerim Friedman

Kerim Friedman — Sun, 18 Feb 2007 23:21:49 +0000

PS: PasswordMaker also has a web interface. (In both full and mobile editions.)

By: Kerim Friedman

Kerim Friedman — Sun, 18 Feb 2007 23:15:43 +0000

This works a bit differently from PasswordMaker, which is what I’ve been using, as well as other implementations of the same concept: most tools I’ve seen create a hash from a masterpassword+url+username. PasswordMaker is nice because it stores the username for you, and lets you upload/download from a server (but not full sync yet).

The password+url+username seems a bit safer than simply password+url. Also, because sites vary a lot in terms of username requirements, it is nice to have that information saved. Sometimes its harder to remember usernames than passwords!

Having said that, however, the simplicity and ease-of-use of PwdHash have be considering switching over …

Sxipper is also looking nice, but I use it more for forms than passwords:

http://www.sxipper.com/

By: Dan

Dan — Fri, 02 Feb 2007 23:59:30 +0000

I’m not sure why you want to go to these extremes to just keep passwords. Something I do is use Google’s Browser Sync which syncs bookmarks, cookies, passwords, history and a browser restoration (like what’s already built into firefox but across multiple computers). You can always pick what you want to sync rather then all of the above features but it’s really nice to use if you’re using multiple computers. I’m regularly on 3 macs a day and a couple linux and windows boxes over the week and it helps tremendously, passwords and bookmarks in particular.
Security wise, it uses “encryption” to sync but I’m more concerned with a local intrusion so I make sure to keep a master password on all my firefox installs and the browser sync asks for a login when you switch systems automatically.

By: M. Burnett

M. Burnett — Fri, 02 Feb 2007 21:43:35 +0000

You might want to try out Pafwert (http://xato.net/bl/2[...]r-passwords/) you can make strong passwords that are actually easy to remember.

By: Andreas Gohr

Andreas Gohr — Fri, 02 Feb 2007 20:42:42 +0000

Stephen, that’s what the web version Alex mentions is for. It uses the same algorithm as the Firefox extension.

By: stephen o'grady

stephen o'grady — Fri, 02 Feb 2007 20:37:34 +0000

ok, ok, so i just skimmed the first part like an idiot

still not sure i’ll switch, but interesting.

By: stephen o'grady

stephen o'grady — Fri, 02 Feb 2007 20:27:45 +0000

am i correct in assuming that if you’re using the hashes for these sites, you’re going to need access to the same plugin to get the hashed password? i.e. if you’re on someone else’s machine, you won’t be able to return the password?