Password security without a password manager

Daniel from http://www.dailyblogtips.com published an article with some of his ideas on how to create passwords for multiple sites.

The idea is to create an algorithm and use that for every site. It is a good concept, but there is a small danger if someone steals the password from one site and figures out the algorithm used. You would then lose all your passwords.

My idea, and what I always use, is a bit different. I don’t like password managers, but I like crypto, so I take advantage of one-way hashes (md5, sha1, etc.) and generate passwords using them.

How does it work?

First, I choose a good long password that I will use everywhere. For example qwerty (don’t use that, just an example). Now for every site, your password will be the md5 (or sha1) of qwerty + site name. For example:

$ echo "qwerty http://www.facebook.com" | md5
9d7d9b30592fd43dd6629ef5c12c6e9a

$ echo "qwerty http://www.twitter.com" | md5
cdf0e74e19836efb20f29120884b988d


That way my password for Facebook is 9d7d9b30592fd43dd6629ef5c12c6e9a and for Twitter is cdf0e74e19836efb20f29120884b988d.

Both long and secure. If someone steals my Twitter password, he has no way to reverse it to figure out the other passwords. Plus, by doing that, you don’t need any password software stored (just the md5/sha1 binaries, which come by default on Linux and are easy to find on Windows).

Simple and easy.
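An added example, not the author's code: the scheme above in Python next to a variant that swaps the single MD5 round for PBKDF2-HMAC-SHA256, since one fast hash lets anyone holding a single site's password test master-password guesses offline very quickly. The iteration count, the `normalize_site` helper and the base64 output format are assumptions of this example, not part of the original post.

```python
import base64
import hashlib

# Constructed sample inputs: the page's own example master password and sites.
MASTER = "qwerty"
SITES = ["http://www.facebook.com", "http://www.twitter.com"]

# Assumed work factor (not from the page): PBKDF2-HMAC-SHA256 iteration count.
ITERATIONS = 600_000


def page_scheme(master: str, site: str) -> str:
    """The page's scheme: md5 of 'master site' plus the newline echo appends."""
    return hashlib.md5(f"{master} {site}\n".encode()).hexdigest()


def normalize_site(site: str) -> str:
    """Hypothetical helper: canonical form so one site always gives one salt."""
    return site.strip().lower().rstrip("/")


def slow_scheme(master: str, site: str, iterations: int = ITERATIONS) -> str:
    """Same idea with a deliberately slow KDF; the site name acts as the salt."""
    key = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode(),
        normalize_site(site).encode(),
        iterations,
        dklen=18,
    )
    # 18 bytes encode to exactly 24 URL-safe base64 characters, no padding.
    return base64.urlsafe_b64encode(key).decode()


if __name__ == "__main__":
    for site in SITES:
        print(site)
        print("  md5 (page):  ", page_scheme(MASTER, site))
        print("  pbkdf2 (new):", slow_scheme(MASTER, site))
```

Both functions are deterministic, so nothing needs to be stored; the only difference is how much work each master-password guess costs.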

We just reached 3,000 sites being monitored

I was very glad to find out today that we reached 3,000 sites being monitored by http://sucuri.net. They are all being checked frequently for DNS, Whois and content changes, in addition to their blacklisting status on multiple databases.

So, if you want to stay in control of your Internet presence, try http://sucuri.net.
