Saturday, March 29, 2008

Password Reusability

Oops – I don’t like to hear that I’ve not provided a strong enough password for the site that I’m enrolling in. I like it when I can use “my” password for every site that I visit – I don’t have to remember the combinations of letters, numbers and characters that are often required, consequently, I have one password that I use over and over again. Well, that’s pretty dumb, I’m sure you would agree.

I don’t like to have to carry around a notebook in order to write down the domains and passwords for every place that requires a password. I have post-it notes and 3X5 cards all over the place and when I need the Userid and password for this or that site, I have to search through all of the “important” stored (on my desk or in a drawer, under my keyboard, etc) for information to find the one that is current today – what a pain.

I’ve done some poking around on the internet once again to see if I can find a convenient way to deal with the situation.

Stanford Security Labs has come up with a solution – it’s called Password Hash. Password Hash is a downloadable browser application (FireFox, Internet Explorer and Safari) that will calculate and submit a password based on the web site (domain) and password that you use. It won’t change existing password information for you when you visit a site. You’ll have to go to the password change area and modify your password with the tool in order to have your password hashed.

One of the benefits of this kind of password security is that the hashed password is unique to the web site and password that you are viewing. What that means is – this will be invaluable when you click on a site from some email and it turns out to be a phishing web site. You see the domain of the phishing site can not be the same as the actual web site, voila, phishing protection.

I you happen to be viewing a web site that you have your password hashed for and are on another computer, you can visit pwdhash.com, enter the site domain name (example.com) and your password and get the hashed password to copy and paste into the password prompt for the site.

Visit the Stanford Security Lab at: http://crypto.stanford.edu/PwdHash/ for more information, select your browser type, download and start using the tool for more secure surfing on the world wide web.

Reference: PC World Article by Erik Larken

Darrell Mishler

M & D Creative Concepts LLC

Web Design Services

M & D Online Shopping

Posted by at
Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)