On Friday, 11 April 2014 at 20:27:34 UTC, Graham Fawcett wrote:
On Friday, 11 April 2014 at 16:42:30 UTC, Walter Bright wrote:
On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
If, after the last year of hacking, and the heartbleed bug,
people are not using
password tracker/generators, you haven't learned anything :)
But those pw managers are a single point of failure. One
mistake and you've compromised or lost everything. If your
machine it is installed on is stolen, you've lost all your
passwords. Etc.
For less critical passwords, I use a JavaScript bookmarklet
with the code below. It's mostly an MD5 implementation. It
takes the base URL of the current page, concatenates a salt,
and then MD5-hashes the result. Then it pops up a dialog box
containing the hash, and that's my password for that site.
It doesn't work on crappy sites with silly restrictions (so
many numbers, no more than X characters -- that last one
especially makes my blood boil, because you *know* they aren't
properly hashing your password), but most modern sites accept
it just fine.
A couple years ago I tried to use http://supergenpass.com/ (which
works similarly) but there were just too many sites whose
restrictions made it not work. Good concept though.
