All Posts Tagged With: "passwords"

Firefox Extension Generates A Unique Password Per Domain

One of the big no-no’s in online security is using the same user name and password for different sites. The reason is simple: if one site gets compromised, your login information for other sites is now “floating around”. While having separate passwords is great in theory, practicing it is another story. To help with this, check out the Firefox add-on Magic Password Generator.

You remember one master password. (It is not stored anywhere, don’t forget it!) Then, with a (somewhat simple) cryptographic hash function, the extension combines your master password and the domain name of the site to make another unique password for that site. The password is not saved in Firefox, or anywhere else. It’s secure!

Keep in mind, this extension is completely separate from the password manager built into Firefox. Basically, passwords are generated on the fly each time using an algorithm based on the current domain name.
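A sketch of the kind of derivation described above, added here as an illustration and not the add-on's actual algorithm: PBKDF2-HMAC-SHA256 stands in for its hash, and the iteration count, output length, `www.` stripping and `counter` parameter are assumptions of this example.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed work factor; slows offline guessing of the master password
MAX_LEN = 43          # 32 derived bytes give 43 base64 characters before padding


def normalize_domain(host: str) -> str:
    """Map spelling variants of one site (case, trailing dot, leading www.) to one string."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def site_password(master: str, host: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for `host`; nothing is stored, the same inputs always recreate it.

    `counter` (an assumption of this sketch) lets one site's password be rotated
    after a breach without changing the master password.
    """
    if not master:
        raise ValueError("master password must not be empty")
    if not 1 <= length <= MAX_LEN:
        raise ValueError(f"length must be between 1 and {MAX_LEN}")
    salt = f"{normalize_domain(host)}#{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=32)
    return base64.b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for site in ("example.com", "www.Example.com.", "example.org"):
        print(site, "->", site_password(master, site))
```

Because each site password is a deterministic function of the master password and the domain, anyone who obtains one site's password can test master-password guesses offline, so the master password has to be strong and the derivation slow.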

This extension works best if you only use a single computer, but if you use multiple, there are tools available on their website to help you find out what your password would be.

While Magic Password Generator is certainly not for everyone, some of you may find it useful.

Export Your Firefox Passwords

Firefox has nice built-in password management features; however, the one thing it is missing is the ability to export your saved information. Doing so is a nice way to get these entries into a password manager program. To add this ability to Firefox, check out the appropriately named Password Exporter add-on.

This extension allows you to export your saved passwords and disabled login hosts using XML or CSV files that can be imported in another browser or computer.

This is the functionality you would expect: simple and effective. Just make sure you do not keep the export files sitting around, as the data is stored in plain text. When you are done with these files, be sure to permanently delete them.

Do Not Use Your Browser As A Password Manager

Pretty much every current browser out there has the ability to save your user name and password information on different sites and then fill them in when you visit later. While this function is incredibly useful and convenient, it is important to remember it is not a substitute for a password manager.

Since this information is stored in your browser, it lives and dies with your browser data. While this is typically not a problem, there is always the chance this information could be corrupted with an upgrade/patch or even worse, stolen via malicious software or a browser exploit.

By using a password manager, such as KeePass, you are assured protection. Since these programs focus on keeping your password information safe, this is the most reliable way to store your sensitive information.

Fully Featured Password Manager

You may have seen several posts and tips on this site in the past regarding the excellent open source password manager, KeePass, but today I’m going to point you to another excellent password manager: RoboForm.

RoboForm (available in a free and commercial version) offers just about everything you would ever need for managing passwords. Here are some features of interest:

  • AutoSave passwords in browser.
  • Click Login button for you.
  • Take RoboForm with you on USB disk for ultimate portability.
  • Sync your passwords and notes to Palm or Pocket PC.
  • Works under Windows as an add-on to IE-based browsers.
  • Works with Netscape, Mozilla, Firefox under Windows.
  • Save Secret Text Data to Safenotes.

Of course, all your passwords and (optionally) notes are encrypted, so rest assured your secrets are safe. If you have tried KeePass and it didn’t have enough features for you, RoboForm should do the trick.

6 Ways To Pick Better Passwords

Everyone who uses the internet must use usernames and passwords and that’s just the way it is. Whether it’s for email, instant messaging or any web site that has authentication of any type, passwords are par for the course.

Years ago most people would have only a handful of usernames and passwords to remember, but with the explosion of social media, online video/audio/photo/file storage and so on, many people have 15 or more.

The way most people get around this is to use the same username/password for all their accounts. This is stupid because if one system you use is compromised and your authentication information is found, all your stuff is then "in the open", so to speak.

I’ll cover how to choose passwords that can be different yet remembered by you easily in the list below.

1. Avoid repeating characters

Example: cccrazylikeafox

The "ccc" is the repeating set of characters. Don’t do this.

2. Use mixed case

Uppercase: CRAZYLIKEAFOX

Lowercase: crazylikeafox

Mixed case: CraZylIkeAfOX

3. Use mixed case letters and numbers

Example: 27CrAzylIkeAFox93

4. Use other characters (if allowed)

Example: 27-C_rA:zy>lIkeAF<ox9!3

Note: Some web sites don’t allow this (but they all should).

5. Let a password manager choose the password

Example: Use KeePass Password Safe

Example screen shot: [image not included]

Yes, the above is a crazy password, but that’s the whole point. With 183-bit quality it would be extremely difficult for anyone to find out what it is.

And obviously you should use the password manager software to remember it for you – encrypted, of course.

6. Use a random physical address

This actually does make for fairly good passwords.

Go to Google Maps, pick a town and state that you don’t live in (nor have you ever), type in a type of business and use its physical address as your password.

Example: I choose Boise, Idaho. I’ve never been there and have never set foot in that state. Then I type restaurant and find a place called Elmer’s. The physical address is 1385 S Capitol Blvd.

The password would be written as 1385SCapitolBlvdBoiseID.

According to KeePass Password Safe, this is a 114-bit quality password and well into the "green", which is pretty darned good. The fact it’s also 23 characters long and contains letters of mixed case and numbers also helps out quite a bit.


To note: You will remember this more easily than trying to come up with random words and phrases, because more often than not there are times you have to commit physical addresses to memory just trying to get to places – so this is nothing new to you.

I will note again that if you choose to go with this method, pick locations you’ve never been to.
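For tip 5 above, an added example (not KeePass code and not from the original post) of how a generator can size a random password for a target strength, including the case from tip 4 where a site rejects special characters. The alphabets and function names are assumptions of this example, and the bit figure here is the entropy of the random draw, a different measure from the KeePass quality estimate quoted in the post.

```python
import math
import secrets
import string

# Assumed alphabets: "full" for sites that accept special characters,
# "alnum" for sites that only allow letters and digits (see tip 4).
ALPHABETS = {
    "full": string.ascii_letters + string.digits + string.punctuation,  # 94 symbols
    "alnum": string.ascii_letters + string.digits,                      # 62 symbols
}


def entropy_bits(length: int, alphabet: str) -> float:
    """Entropy of `length` characters drawn uniformly and independently."""
    return length * math.log2(len(set(alphabet)))


def length_for_bits(target_bits: float, alphabet: str) -> int:
    """Shortest length whose uniform-random entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate(target_bits: float = 128, kind: str = "full") -> str:
    """Random password from the OS CSPRNG, long enough for `target_bits`."""
    alphabet = ALPHABETS[kind]
    n = length_for_bits(target_bits, alphabet)
    # secrets.choice draws from the operating system's CSPRNG,
    # unlike random.choice, which is predictable.
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    for kind in ALPHABETS:
        pw = generate(183, kind)
        print(kind, len(pw), round(entropy_bits(len(pw), ALPHABETS[kind]), 1), pw)
```

A site that refuses special characters costs only a few extra characters of length for the same strength, which is why a length limit hurts more than a restricted character set.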

Was there anything I missed concerning better passwords?

Feel free to chime in with a comment or two.