Tuts 4 You

Using Unique Website Passwords...



Teddy Rogers
Posted

Due to recent hacks and stolen databases leaked from various websites I have been reading a bit about studies done on users' website passwords and seen various statistics on people's poor choice of passwords: commonality, length and complexity. You would think it is quite easy to use unique passwords - and it is! Unfortunately many of us frequent numerous websites and as such human nature tends towards laziness because no one likes to remember 10 or 20+ unique passwords. People then use a password they can remember and use that password across multiple sites and don't think about lax password security exposing them to a security risk across other websites they frequent. It doesn't have to be this way.

There are a number of simple tools you can use to help generate unique, complex and lengthy website passwords by only having to remember one password. Password Hasher and SuperGenPass Generator are but two of a number of tools which are able to do this, and the good news is some of them are plugins, extensions or addons that integrate directly within your browser.

How do they work? They simply use a hash algorithm to generate a unique password string from your own master password with that of the website's domain and/or sub-domain name. Simple. Use it! :)

Ted.

CodeExplorer
Posted

I use KeePass for keeping passwords:
http://keepass.info/download.html

It also contains a password generator.

Use KeeFox to get passwords from KeePass into Firefox:
http://keefox.org/

And an important thing: use an obscure/personal email address.

Posted

The problem is that most people are too lazy to use these tools, which have existed for a pretty long time.

  • 1 month later...
Posted (edited)

Here's a link to an interesting article about "How to create and remember strong passwords" by F-Secure ...

http://safeandsavvy.f-secure.com/2010/03/15/how-to-create-and-remember-strong-passwords/

Personally, I'm using a similar technique like this, and gotta admit it's quite a good method..

Example: I pick up the first or second character of the domain name, and the first/middle/last character of the domain extension, and have in between there +-10 chars/numbers which I will remember for 100% sure.

The password is different for every site.

And I'm quite sure no one could "hack" this 10 char "pin" of mine, since it doesn't make any sense (except to me, birth-dates mixed with nick names/slang words) unless someone had some keylogger planted on my computer. :)

I think that type of a method was also covered by F-Secure..

Edited by Jaymz
  • 2 years later...
Posted

Well, if I use a short password, then it means there is a doubt that my pass will be leaked at any time, right?

And if I use mixed chars, then how will it be? Sorry if I am wrong.


Posted (edited)

I am talking about a brute forcing attack.

If a person chooses a 12 character password with numbers (10), symbols (30) and upper/lowercase (26*2=52):

total possible pw= 92!*92!*92!*92!*92!*92!*92!*92!*92!*92!*92!*92.

P(correct pw)=1/92!*92!*92!*92!*92!*92!*92!*92!*92!*92!*92!*92

It's all about permutation and combination.

Brute forcing this pw requires time and machine power.

That's why we use big mixed char passwords.......

I'm done...

Edited by souvik das
  • 10 years later...
Progman
Posted

There are other attacks besides brute force, e.g. if mistakes are made on the server, sometimes the time it takes to get a response can allow the password to be recovered one character at a time. Various side channels can allow recovery. Even if properly hashed, at minimum salting and peppering should be done, as countless websites get hacked and databases with MD5 or SHA hashes are sitting there for distributed password cracking.
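
The server-side measures named in the post above (per-user salt, a pepper kept outside the database, and a comparison whose duration does not depend on where the first mismatch falls), as an added example that is not part of the original thread. All names, the pepper value and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed demo value. A real pepper is kept outside the database
# (environment, KMS, HSM) so a leaked table alone cannot be cracked.
PEPPER = b"constructed-demo-pepper"
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Pepper is used as an HMAC key; the per-user salt feeds the slow KDF.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)


def make_record(password: str, pepper: bytes = PEPPER) -> dict:
    """What the server stores: a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt, pepper)}


def verify(password: str, record: dict, pepper: bytes = PEPPER) -> bool:
    candidate = _derive(password, record["salt"], pepper)
    # compare_digest takes the same time wherever the first mismatch is.
    return hmac.compare_digest(candidate, record["hash"])


def early_exit_steps(a: bytes, b: bytes) -> int:
    """Bytes examined by a naive compare that returns at the first mismatch.
    The count, and so the response time, grows with the matching prefix."""
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps


if __name__ == "__main__":
    first, second = make_record("hunter2"), make_record("hunter2")
    print("same password, different hashes:", first["hash"] != second["hash"])
    print("verify ok:", verify("hunter2", first))
    print("wrong pepper rejected:", not verify("hunter2", first, b"other"))
    print("naive compare work:", early_exit_steps(b"abcd", b"abzz"),
          "vs", early_exit_steps(b"abcd", b"zbcd"))
```

Because every record has its own salt, two users with the same password get different hashes, so a leaked table cannot be attacked with one precomputed lookup.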
