So LinkedIn got hacked the other day. I (like many) received an email saying that my password had been obtained by some talented crackers. The passwords were hashed but there was no salt, so many of the stolen passwords had been 'un-hashed'.
Turns out I'm a bit of a chump when it comes to passwords. I do tend to only use just a handful of passwords so if someone knows one it's pretty bad business for me. As a dev there's no excuse for reusing passwords.
I decided to do something about it but rather than creating a new password for each site I frequent I thought I'd write a little app to hash one master password with the URL of a website. That way I only need to remember one password but each site I visit gets a different hashed code.
Firstly I thought I'd see if anything similar already existed - standard - to my delight I found this: http://angel.net/~nic/passwd.html. Did exactly what I wanted, not only that but it also contained a link to another version - sweeeet.
Trouble is: I think the passwords it generates are pretty weak. There is a version which uses a different hash algorithm but no version produces a password longer than 10 characters, nor do they guarantee upper and lower case, digits, symbols and letters. I decided to create my own.
Here it is: www.passwordle.forkandbeard.co.uk
It will always produce a strong password which will always contain digits, upper and lower case letters and symbols. The smallest length password it will produce is 16 characters; if your master password is longer than 16 characters, the generated password will match its length.
I also added a 'name' field so you can add your initials or name or some other text to the generation process to ensure two users using the same master password can still generate different passwords.
I also interlace a mildly hashed version of the 'master' password into the generated passwords - just because I think it looks cool if the generated password vaguely resembles the original.
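A sketch of the scheme described above (master password plus site URL plus 'name', at least 16 characters, every character class guaranteed), added here as an example; it is not Passwordle's own code. PBKDF2-HMAC-SHA256, the symbol set, the iteration count and the URL normalisation are assumptions, and the interlacing step is left out so that no trace of the master password appears in the output.

```python
import hashlib
import string

# Assumed parameters: the post does not name the hash, symbols or work factor.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@^_")
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 16
ITERATIONS = 200_000


def derive_password(master: str, site: str, name: str = "") -> str:
    """Deterministically derive a per-site password from one master password."""
    length = max(MIN_LENGTH, len(master))  # the post's length rule
    # name and site act as the salt; the NUL separator keeps
    # ("ab", "c") and ("a", "bc") from producing the same salt.
    salt = f"{name}\x00{site.strip().lower()}".encode("utf-8")
    # A slow KDF makes guessing the master from one leaked site password costly.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              ITERATIONS, dklen=4 * length)
    pool = int.from_bytes(raw, "big")  # far more bits than the picks consume

    def pick(n: int) -> int:
        """Take a value in range(n) out of the derived integer."""
        nonlocal pool
        pool, r = divmod(pool, n)
        return r

    # One character from each class first, so all four are always present.
    chars = [cls[pick(len(cls))] for cls in CLASSES]
    chars += [ALPHABET[pick(len(ALPHABET))] for _ in range(length - len(chars))]
    # Keyed Fisher-Yates shuffle so the guaranteed characters are not
    # always in the first four positions.
    for i in range(length - 1, 0, -1):
        j = pick(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(derive_password("correct horse", "https://example.com", "jd"))
```

The same three inputs always give the same password, so nothing needs to be stored; changing the site or the name changes the salt and therefore the whole output.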