Monday, July 6, 2009

The Problem with Too Many Sites and Only One Password

If you are like most people, then you have one password and log-in for all of your web accounts. This is a really big problem, since your on-line security now depends on every site where you have an account. If one of those sites gets hacked, bam; the thief is off to every bank website there is. With more and more people on-line, and people having accounts at more and more sites, this is becoming a real issue!

One way to protect yourself is to have a system. You could do something as simple as adding a prefix and postfix to your password for each site (a different one for each site). Most people are not very likely to play around with that kind of thing on different websites, so you are somewhat more protected.

One way that I just saw on Hacker News today is to use Stanford PwdHash. PwdHash is the program I was going to write for myself to protect my passwords but never really got around to. PwdHash is a JavaScript and browser extension tool which generates a hashed password from the password and domain entered into it. For example, for the site www.example.com and the password of password (a very bad password), PwdHash will generate the value 4QAIn8SvaW, a very good password. In fact, Microsoft's password checker gives it a strong (password gets a weak). If you paste the password in twice on Microsoft's password checker, it will become a best (add a ! to make it even better).
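
The two systems described above side by side, as an added example that is not PwdHash's code: the prefix/postfix scheme and a password derived by hashing the master password with the domain. It assumes HMAC-SHA-256 and a plain alphanumeric truncation, so it will not reproduce PwdHash's own output such as 4QAIn8SvaW; all function names are made up for illustration.

```javascript
// Added illustration, not PwdHash's own code or exact algorithm.
const crypto = require("crypto");

// Reduce a typed or pasted site address to a bare lowercase host name.
// Simplification (assumption): only a leading "www." is stripped.
function normalizeDomain(site) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(site);
  const host = new URL(hasScheme ? site : "https://" + site).hostname;
  return host.toLowerCase().replace(/^www\./, "");
}

// The manual system: a different prefix and postfix around one base password.
function affixPassword(base, prefix, postfix) {
  return prefix + base + postfix;
}

// The hash-based system: HMAC-SHA-256 keyed with the master password over
// the domain, then cut down to `length` letters and digits.
// No attempt is made to satisfy a site's own password composition rules.
function sitePassword(master, site, length = 12) {
  const mac = crypto.createHmac("sha256", master)
    .update(normalizeDomain(site))
    .digest("base64");
  return mac.replace(/[^A-Za-z0-9]/g, "").slice(0, length);
}

// True when the password stored at one site contains the shared secret
// verbatim, i.e. a leak at that site hands over the secret itself.
function exposesSecret(storedPassword, secret) {
  return storedPassword.includes(secret);
}

// Constructed sample values.
const master = "password";
const manual = affixPassword(master, "ex", "99");
const hashed = sitePassword(master, "www.example.com");
console.log("manual:", manual, "exposes secret:", exposesSecret(manual, master));
console.log("hashed:", hashed, "exposes secret:", exposesSecret(hashed, master));
console.log("other site:", sitePassword(master, "example.org"));
```

A weak master password can still be guessed offline from a single leaked site password, so the hashing only helps if the master itself is hard to guess.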

PwdHash seems safe, since you are not storing anything on a remote machine. I am going to try it out some more before I give it my really important accounts, but I think it will be great for social networking sites (which may not have the best security). Give it a try; it has to be better than using your dog's name and zip code for every website.