James said in his recent security article, "Also, remembering several (hundreds!) of complicated, strong passwords can be daunting and frequently leads to poor password choices" -- but as we learned right here on the Drupal planet from Moshe, there is a good solution to this: SuperGenPass. "SuperGenPass allows you to remember just one password (your “master password”), which is used to generate unique, complex passwords for the Web sites you visit. SuperGenPass is a bookmarklet, so there’s no software to install, and it never stores or transmits your passwords anywhere." There is a mobile version, too. I use it and love it.
And what happens if you have multiple passwords for the same domain? For example, you have 2 Google accounts?
For Linux maybe this tool is the best solution, but for other platforms there are better solutions: Roboform for Win and 1Password for Mac.
Any solution which saves your passwords is a flawed solution. I could use kwallet for sure but I don't.
Although the mentioned programs save the passwords, they encrypt them at the same time. If you want to steal my passwords, you have to know my master password, and you need to steal my files (the stored and encrypted passwords) as well. In practice, this is the same security as when you don't store the passwords.
Update: if I have a website, and you register there, then I will know your password. So if I can crack the MD5 algorithm, then I will know your master password, right? So SuperGenPass is as secure as MD5.
But if my program stores my passwords, then it has the same security level as MD5.
So storing passwords is actually safer... Because you not only have to crack the code, but you also have to steal my files. With SuperGenPass I "only" need to crack MD5.
I can go to http://www.supergenpass.com/mobile/ and generate the password. This works from any browser, any computer, anywhere.
Personally, I went into PayPal and got the keyfob for 5 bux. You can then set up a VeriSign OpenID account and attach the PayPal keyfob as a credential that must be entered. So far it's treated me well.
I do not think every site, forum, etc. supports OpenID already.
I cannot log in with my OpenID at drupal4hu. :(
I told chx on IRC that I don't use anything like this because I prefer to have my passwords memorized. My reason for that is I use 3 different browsers and multiple computers plus I like to have them if I need to log in from someone else's house. He said that there is a website you can go to with the js to get your password. So maybe I'll give it a try. :)
Michelle
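The two questions raised in the comments (two accounts on one domain, and the strength of the hash behind the generated password) can be seen in a small derivation sketch. This is an added example, not SuperGenPass's code or algorithm: `site_password`, the `account` label, the use of PBKDF2-HMAC-SHA256 and the iteration count are all assumptions chosen for illustration.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed work factor: makes every master-password guess slow
LENGTH = 16           # assumed length of the generated password


def _acceptable(pw: str) -> bool:
    """Require lower case, upper case and a digit so typical site rules pass."""
    return (any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def site_password(master: str, domain: str, account: str = "") -> str:
    """Derive a per-site password from a master password; nothing is stored."""
    # Normalise the domain so "Example.COM" and "example.com" agree.
    label = domain.strip().lower()
    counter = 0
    while True:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        parts = (label.encode(), account.encode(), str(counter).encode())
        salt = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        # A slow KDF instead of a single fast hash: a site that learns one
        # generated password still pays ITERATIONS hashes per master guess.
        raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
        # Map '+' and '/' to letters so the output is purely alphanumeric.
        pw = base64.b64encode(raw, altchars=b"ab").decode()[:LENGTH]
        if _acceptable(pw):
            return pw
        counter += 1  # deterministic retry until the character rules hold


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(site_password("correct horse", "example.com"))
    print(site_password("correct horse", "example.com", account="second"))
```

The `account` label gives a second, unrelated password for the same domain, and the retry counter keeps the result reproducible on any machine without saved state.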