Monday, September 10, 2012

Chrome App Review: Password Hasher Plus

Every week, it feels like I read a new story about new schemes to get user passwords, or a new story about how a hacker got a password and heavily damaged someone else's life. A few months ago, I decided that I needed a new method to create and remember passwords. Even though I followed the rules to create strong passwords and I kept a local password file, I didn't like it. What happens if someone gets the password file? What if I need a password but I can't get to the file?

First, I decided on my requirements. I wanted an application that helped me create passwords using the following rules for creating a strong password:
  1. Do not use all or part of your username as a password.
  2. Do not use dictionary words as a password.
  3. Use the maximum amount of letters allowed by the website for a password, not the minimum.
  4. Include numbers and special characters if the option is available.
  5. Do not reuse passwords across multiple websites.
  6. Do not use your real name, nor the real names of anyone close to you (e.g. family members, pets, ...)
But I did not want the application to store the password itself anywhere. I also wanted the application to work on my Android devices as well as my desktop.

Second, I perused the Chrome Web Store.  I love this place - every time I look, I find more interesting apps there to try out.  Searching for "password" brought up a list of various apps, but I didn't find what I wanted until I got to Password Hasher Plus.

Password Hasher Plus is an app that creates passwords for you through a hashing algorithm using a master key, a site tag (based on the URL), and a secret word. The app also lets you set the length that you want as well as the set of characters available to use for each password (numeric only, alphanumeric only, or alphanumeric and special characters).

After you install this app, when you log in to a website, you enter the secret word in the password field. Password Hasher Plus then calculates your password, switching the contents of the password field to the new, hashed password. Voilà! You have a new, unguessable password.

The key to all of this is the secret word.  You can use the same secret word for multiple websites, but you will still get unique passwords for each website because of the hashing algorithm.  That means you only need to remember one or two secret words to get strong passwords everywhere.
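The scheme described above can be sketched in a few lines of JavaScript. This is an added example, not Password Hasher Plus's own code: the construction (PBKDF2 stretching of the secret word, then HMAC output mapped onto the chosen character set), the `siteTag` and `derivePassword` names, the character sets, the iteration count and the sample inputs are all assumptions made for illustration.

```javascript
// Added example: NOT the Password Hasher Plus algorithm. All names and parameters are assumptions.
const crypto = require("crypto");

const CHARSETS = {
  numeric: "0123456789",
  alphanumeric: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
};
CHARSETS.special = CHARSETS.alphanumeric + "!@#$%^&*()-_=+[]{};:,.<>?";

// Reduce a URL to a site tag: the hostname without a leading "www."
// (simplified; a real tool would also handle subdomains and public suffixes).
function siteTag(url) {
  return new URL(url).hostname.toLowerCase().replace(/^www\./, "");
}

function derivePassword(secretWord, masterKey, tag, length = 16, charset = "special") {
  const alphabet = CHARSETS[charset];
  if (!alphabet) throw new Error("unknown charset: " + charset);
  if (!Number.isInteger(length) || length < 1 || length > 128) throw new Error("bad length");
  // Slow step: stretching makes it costly to guess the secret word from one leaked
  // site password. The salt binds the result to this master key and this site.
  const salt = Buffer.from(masterKey + "\0" + tag, "utf8");
  const key = crypto.pbkdf2Sync(secretWord, salt, 100000, 32, "sha256");
  // Bytes at or above this limit are skipped so every character is equally likely.
  const limit = 256 - (256 % alphabet.length);
  let out = "";
  for (let counter = 0; out.length < length; counter++) {
    const block = crypto.createHmac("sha256", key).update(String(counter)).digest();
    for (const byte of block) {
      if (byte < limit && out.length < length) out += alphabet[byte % alphabet.length];
    }
  }
  return out;
}

// Constructed sample inputs: one secret word, two sites, two different passwords.
for (const url of ["https://www.example.com/login", "https://example.org/"]) {
  console.log(siteTag(url), derivePassword("constructed secret", "constructed-master-key", siteTag(url)));
}
```

Nothing is stored: the same three inputs always reproduce the same password, so the secret word and master key are the only things to protect.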

