Identity theft is a serious problem and it does not look like it is getting any better. People are starting to use strong passwords but they use the same one for all sites they visit. This is VERY risky. Suppose your twitter account information gets stolen. If you use the same username and password on all you sites the hacker now has access to ALL your sites (E-mail/Amazon/PayPal/Facebook …). This happened to a colleague of mine. His Facebook account was hacked and from there the hacker took control of several other accounts including his E-mail. In the age of on-line banking this also can mean unfettered access to your money.

There are published guides on how to minimize the chances of identity theft and minimize the impact if your accounts get hacked. One of the strategies is to use long and complex passwords that are unique per site. That means that your password should be something like 4rtR0!fp<kl for webmail and a different set of random mixed characters for amazon. The obvious problem is remembering all that gibberish. So how do you manage all those passwords?

One solution is to use a password manager that has all the passwords stored in an internal encrypted database. KeePass is a great product for doing that. But that means that you have to have your KeePass database where ever you go, which is not always practical.

The better approach is to use a password hash. This means you use a mathematical formula to combine two strings to generate a unique third string. In plain English  this means you need to remember one master password and the site name and you still get a really strong password.

For example lets say my master password was ‘arisblog’, which is pretty easy to remember. if I use the hasher for the site Amazon I would get a password hash of ‘OQe7ppddC/pfwp1r’ every time. I never need to remember that mess. I just need to remember my master password. If I use the same master password  for the google sites I would get a password of ‘bl78nulbR/Grgcxy’. Those are some pretty hard to guess or hack passwords.

Password Hasher Plus builds this functionality into Chrome. You can set the length and type of your hashed password. I recommend at least 16 characters of both Alphanumeric and Special characters.

This is a port of the firefox extension from the wijjo site written by Steve Cooper. The wijjo site also has an online password hasher that works in any browser. You can use the online version if you are away from home on a public computer to generate the password hash to login to your sites. This is really the simple way of keeping site secure.

What methods do you use to keep your passwords secure? Tell me in the comments.

As soon as I get the invite I will write up a review. My buddy Hillel has already written up an article about his “Eight Google Wave Annoyances“, but I am not letting that influence my judgment. Now I just have to wait.

I hate waiting.

UPDATE: Ugh -  I just found out it can take a week from the time I am invited until the invite shows up in my inbox.

Did I mention I hate waiting.