Today, passw0rd "cracking" tools can easily perform "dictionary" assaults, tirelessly testing combinations of real words, names, and combinations of numbers. Creating complex passwords is therefore a must. Robust complex passwords mix letters, numbers and cases (i.e., f7H8sca93kkZhH), but are therefore nearly impossible to remember. To be truly secure, you'd want to use a different password for each site you visit - but remembering many complex passwords is really awkward.
One nice solution is SuperGenPass. This clever piece of freeware from author Chris Zarate is stored locally on your computer as a Java "bookmarklet" in your Web browser. You need only remember one "strong" master password - SuperGenPass generates a custom, unique password for every website based upon your master password and that site's domain name (i.e., "amazon.com"). No one can "reverse-engineer" your master password. You can install SuperGenPass on every computer you use - even on other people's computers. (Author Zarate assures users that the bookmarklet transmits no information of any kind - and even if you choose to "store" your master password in the Web browser, it is securely encrypted.)
Using SuperGenPass is simple:
- Use the SuperGenPass Bookmarklet Builder, answering the three questions (I'm using the "Enter your master password each time, but use a hash to verify it" option) and drag the generated bookmarklet to the "personal toolbar" of my browser (on every computer I might use). You only need to do this once for every Web browser on which you wish to use SuperGenPass.
- Whenever I need to fill in password fields on a Web page, I simply click the "SuperGenPass" bookmark and a small dialog box pops up in the upper-right corner of my browser window, asking for my master password.
- Clicking the "Populate" button will tell SuperGenPass to attempt to fill in any password fields it finds on the current Web page with your generated password.
Fancy optional features allow you to embed your master password into the bookmarklet for convenience (although this would allow anyone with operational access to your computer to access any sites) or to double-check that you've typed in your master password correctly.
Using SuperGenPass means changing passwords at any site with which you're already registered, so it may require some effort to switch over, if you're determined to remove your old password(s) from all your registered sites. A caveat about using SuperGenPass is that it will *always* generate the same complex password from the same combination of master password and domain name - if you use any sites that require periodic password changes, you might want to avoid using SuperGenPass for those sites.
No comments:
Post a Comment