Wednesday, January 7, 2015

Never Forget passwords, without storing them

The Problem


Every one of us has online accounts with many services, such as social networking, e-commerce, and email, and the list grows day by day. A password of at least 8 characters (symbols plus alphanumeric characters) has become the norm.

How do we remember all the passwords for the different services?

A quick but very risky solution is to keep the same password for all services. Keeping the same password is like using the same key for all your locks. If one service is hacked, the hacker might try the same password on other services too. This has happened before:

eBay Inc. To Ask eBay Users To Change Passwords

Sony Got Hacked Hard: What We Know and Don’t Know So Far

Ars Technica was hacked. Readers advised to change passwords

Another easy but cumbersome solution is to use a password manager like KeePass. But again, you need to manually enter a password for every service, and carry the encrypted password database file to wherever you need it.

 

The Solution

 

There is now an elegant, open source and very secure way to have a different, difficult password for every website, without the need to store any of them.

Android

Hash it (Android app): Play Store link, GitHub source

Official Page

Mozilla Firefox Addon 

Password Hasher: GitHub source


 

How it works

 

One-way hash functions such as MD5 and SHA are used to hash the domain name together with your master key to generate a unique password. Thus, from a single master key, a unique password can be generated for each website.
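The scheme described above can be sketched as follows. This is an added example, not the code of Hash it or Password Hasher: the function names, character set and iteration count are assumptions, and it uses PBKDF2-HMAC-SHA256 (an iterated hash) in place of a single MD5/SHA pass, so that working back from one leaked site password to the master key costs more effort.

```python
import hashlib

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SYMBOLS = "!@#$%^&*-_=+"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)


def normalize_domain(domain: str) -> str:
    """Canonical form so 'WWW.Example.com' and 'example.com' give one password."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def site_password(master_key: str, domain: str, length: int = 12,
                  iterations: int = 200_000) -> str:
    """Derive a per-site password; nothing is stored, the same inputs recreate it."""
    if not master_key:
        raise ValueError("master key must not be empty")
    if length < 8:
        raise ValueError("length below the 8-character minimum")
    site = normalize_domain(domain)
    if not site:
        raise ValueError("domain must not be empty")
    # Assumption: PBKDF2-HMAC-SHA256 with the domain as salt, not a single MD5/SHA pass.
    raw = hashlib.pbkdf2_hmac("sha256", master_key.encode("utf-8"),
                              site.encode("utf-8"), iterations,
                              dklen=length + len(CLASSES))
    # Map bytes to printable characters (the modulo introduces a slight bias).
    chars = [ALPHABET[b % len(ALPHABET)] for b in raw[:length]]
    # Use the spare bytes to force one character of each class, so the result
    # passes "symbols + alphanumeric" password policies.
    for i, cls in enumerate(CLASSES):
        chars[i] = cls[raw[length + i] % len(cls)]
    return "".join(chars)


if __name__ == "__main__":
    key = "constructed-master-key"  # sample value, constructed for this example
    for name in ("example.com", "www.Example.com", "example.org"):
        print(name, site_password(key, name))
```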