Neil Bothwick wrote:
> On Wed, 11 Jan 2012 11:04:01 -0500, Tanstaafl wrote:
>>>> I couldn't live without Passwordmaker (Firefox Addon), with 
>>>> it, I can have as strong and random passwords as I want on 
>>>> every site, it auto fills the username/password for me (if
>>>> it is a web login page), but doesn't store any password 
>>>> anywhere...
>>> Of course it stores the password somewhere. How else could it 
>>> log you in next time? It isn't magic, it retrieves the
>>> password from somewhere.
>> Nope, it generates it on the fly every time. It uses the current 
>> URL (or if you create a custom account for that URL, whatever
>> you tell it to use), the username (if supplied), and a few other
>> URL unique attributes to compute it,
> So it stores the data and method needed to recreate the password, 
> same thing. Or does it not store the username, in which case you 
> have to use the same username everywhere?

Most of my passwords are some hash[1] of a common passcode[2] and some
site-specific or service-specific mnemonic. I imagine this would work
similarly, using the absolute URL in place of a mnemonic.

The downside would be if the server changed its URL rewriting scheme.
From their perspective, they didn't break anything as long as things
301 redirect to where they should. But it does break things that make
assumptions about absolute URLs. (I've seen that break StumbleUpon
thumbs-up counts, for example.)

[1] The hash algorithm is something I can easily do in my head, not
some massive, crypto-secure, heavily-mathematical thing.

[2] I change the passcode I use for new passwords every several
months, but I can usually guess which one I used for any given site
within three tries. It works out, and is a nice in-head way to have a
different password for every site.
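
The on-the-fly generation discussed in this thread, as an added example that is not part of the original message and is neither PasswordMaker's actual algorithm nor the poster's in-head hash. It assumes PBKDF2-HMAC-SHA256 as the derivation, and the function names and example.com URLs are constructed for illustration; it shows why keying on the absolute URL breaks after a URL rewrite while keying on the host does not.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Constructed sample URLs: the same login page before and after a site
# changes its URL rewriting scheme (old URL 301-redirects to the new one).
OLD_URL = "https://www.example.com/login.php"
NEW_URL = "https://example.com/account/sign-in"


def derive_password(passcode: str, site_key: str, username: str = "",
                    length: int = 16) -> str:
    """Recompute a site password from a secret passcode and a site key.

    Only non-secret inputs (site key, username) would ever need to be
    remembered or stored; the password itself is regenerated each time.
    """
    salt = f"{site_key}\x00{username}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt,
                              100_000, dklen=32)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def key_from_absolute_url(url: str) -> str:
    """Fragile site key: any change in path or host changes the password."""
    return url


def key_from_host(url: str) -> str:
    """Stabler site key: lower-cased host with a leading 'www.' dropped."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def compare(passcode: str) -> dict:
    """Return whether each keying strategy survives the URL change."""
    by_url = [derive_password(passcode, key_from_absolute_url(u))
              for u in (OLD_URL, NEW_URL)]
    by_host = [derive_password(passcode, key_from_host(u))
               for u in (OLD_URL, NEW_URL)]
    return {"absolute_url_stable": by_url[0] == by_url[1],
            "host_stable": by_host[0] == by_host[1]}


if __name__ == "__main__":
    # "constructed passcode" is a placeholder, not a recommended secret.
    print(compare("constructed passcode"))
```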