Friday, October 06, 2006

Security: Simplifying Web Site Logins

About a year ago, I wrote an article about how to create a strong password. In that article I discussed some of the techniques needed to create a password that someone can't easily guess or break. I also recommended that you don't use the same password for every web site that requires authentication.

I recently came across a very cool browser-based utility that simplifies using, creating and remembering strong passwords across any web site. All you have to do is create a master password that only you know and give it a URL (such as http://www.google.com); it will then create a unique password for that web site. You can also create a bookmarklet (JavaScript embedded into a bookmark) that you can store in your browser's links bar and that automatically generates a password for the site you're visiting, based on your master password.

The utility works by running JavaScript on a local web page loaded in your browser (no information is sent to the remote server). The script uses MD5 to create a one-way hash based on your master password and the domain of the web site that you're going to use it for. Only the first eight (or more) characters of the hash are selected, so it's impossible to break the hash because not all the information is used.
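The derivation described above, written for Node.js as an added example (not the utility's own code), next to a slower scrypt-based variant for comparison; eight hex characters carry 32 bits of output, and the cost of guessing a master password depends on how fast the hash is. The function names, the ":" separator, the stripping of a leading "www." and the scrypt parameters are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Reduce a URL to the host name the password is bound to.
// Assumption: the full host name is used, minus a leading "www.".
function siteKey(url) {
  return new URL(url).hostname.toLowerCase().replace(/^www\./, '');
}

// The scheme as the post describes it: MD5 over master password and domain,
// keeping only the first `length` hex characters of the digest.
// Assumption: the two inputs are joined with ":".
function md5SitePassword(master, url, length = 8) {
  const digest = crypto.createHash('md5')
    .update(`${master}:${siteKey(url)}`, 'utf8')
    .digest('hex');
  return digest.slice(0, length);
}

// Hardened variant (not from the post): scrypt makes every master-password
// guess expensive, the domain acts as the salt, and more characters are kept.
function scryptSitePassword(master, url, length = 20) {
  const key = crypto.scryptSync(master, siteKey(url), 32, { N: 16384, r: 8, p: 1 });
  return key.toString('hex').slice(0, length);
}

// Bits of output in `length` characters drawn from `alphabetSize` symbols.
function outputBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Constructed sample input: a made-up master password and two sample URLs.
const master = 'correct horse battery staple';
for (const url of ['http://www.google.com', 'https://mail.example.org/login']) {
  console.log(siteKey(url), md5SitePassword(master, url), scryptSitePassword(master, url));
}
console.log('output bits:', outputBits(8, 16), 'vs', outputBits(20, 16));
```

Both functions are deterministic, so the same master password and domain always reproduce the same site password without anything being stored.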
