

Never forget your password again (Hashing) - marshallford
https://getvau.lt/

======
daurnimator
Compare with <http://supergenpass.com/>

------
elssar
I got a similar idea when I saw this link. But I think it would be better to
have it as a browser extension that automatically hashes the
password/passphrase for you, depending upon the site. Different salt for
different website, that changes on the click of a button (to deal with enforced
password expiration, or password changes), and maybe a different hashing
algorithm for different levels of sites.

~~~
marshallford
I don't know why you would want to use a different type of hashing. As for the
changing passwords issue you could bump your sitename. For example...

site: 1twitter

site: bump-facebook

Just use a bumping method, it isn't the best... but it works. You could always
change the number of characters around also.

~~~
elssar
Could use different passwords for different levels, no need for different
hashing algorithms.

And it's pretty much the same thing, isn't it - different salt vs bumping the
site name.

~~~
marshallford
Different levels still doesn't work when changing your password. If twitter
made me change my password, it wouldn't increase or decrease on my level of
importance scale.

~~~
elssar
The idea is to have one password, with a salt (or service name) for all
services. To make it a little more secure, you could set up different levels -
email and social, news sites, games..., basically any way you want to do it,
and have a different passphrase for each level. When changing passwords, you
just need to change the salt of that particular service.
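
The scheme discussed in this sub-thread (one passphrase per level, the service name as salt, a bump to rotate), as an added example that is not part of the thread and is not the algorithm used by Vault or SuperGenPass. PBKDF2-HMAC-SHA256, the iteration count, the alphabet, the sample passphrases and all function and parameter names are assumptions.

```python
import hashlib
import string

# Assumptions for this sketch: the KDF, work factor and output alphabet.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
ITERATIONS = 200_000


def derive_password(passphrase, service, bump=0, length=20):
    """Derive a site password from (passphrase, service, bump); nothing is stored."""
    if not passphrase or not service.strip():
        raise ValueError("passphrase and service name are required")
    if bump < 0 or length < 1:
        raise ValueError("bump must be >= 0 and length >= 1")
    # Salt = normalised service name + rotation counter. The NUL separator
    # keeps ("site1", 0) and ("site", 10) from producing the same salt.
    salt = f"{service.strip().lower()}\x00{bump}".encode()
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    # Rejection sampling: drop bytes >= limit so every symbol is equally likely.
    limit = 256 - 256 % len(ALPHABET)
    n = 2 * length
    while True:
        stream = hashlib.shake_256(key).digest(n)  # SHAKE output is prefix-stable
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
        if len(chars) >= length:
            return "".join(chars[:length])
        n *= 2


if __name__ == "__main__":
    # Constructed sample passphrases, one per "level".
    levels = {"email+social": "correct horse battery staple",
              "games": "tangerine umbrella voyage"}
    old = derive_password(levels["email+social"], "twitter")
    new = derive_password(levels["email+social"], "twitter", bump=1)
    print("twitter       :", old)
    print("twitter bump 1:", new)
    print("games/steam   :", derive_password(levels["games"], "steam"))
```

The bump value per service is the only state the user has to keep track of; the passphrases and derived passwords are recomputed each time.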

------
webwanderings
A similar service was posted by someone else here yesterday. There is only one
problem with this scheme of password generators and managers: you have to keep
track of multiple key phrases when your password expires. If you are recording
keyphrase with the service name (two words) on a continuous basis, then you
might as well use a local password manager to generate/record a password.

~~~
marshallford
You can always bump your service name.

For example,

twitter#username facebook#username

to

twitter-username facebook-username

~~~
webwanderings
You will have to remember your naming scheme multiple times in a year and
continuously in the future. People should be changing their password at least
every three months. This password scheme wouldn't work in the long run.

------
citruspi
This is actually pretty interesting.

Edit: - Is it open source? Shouldn't be hard to replicate, but I'm just
wondering....

~~~
marshallford
<https://github.com/jcoglan/vault>

------
Firehed
Nifty, although it's going to cause problems (or at least be harder to use) on
sites that enforce password expiration and prevent re-use of previous
passwords. But I use a proper password manager for those anyway.

------
oakwhiz
A single "allow invalid certificate" mistake renders the whole thing useless
though.

~~~
oakwhiz
If someone does a man-in-the-middle attack on a clueless user, the user may
accept an invalid certificate for your site because they are rushing through
to go get one of their passwords. Offline password managers are better at
mitigating the non-security-minded user problem.

------
recursive
And give my password to you? Why is that better?

~~~
marshallford
<http://blog.jcoglan.com/2012/06/22/announcing-vault-safer-passwords-for-the-web/>

