<p>Disclaimer: this is an unashamed attempt to make you download my iPhone app ;-).
You’re still here?
Even if you won’t download my app, you should read on.
My method doesn’t require my app.
It is both safe and easy to use every day.</p>
<p>If you just want to <em>use</em> the tools without trying to understand why they are safe, just jump to the <a href="#in-practice">end of this article by clicking here</a>.</p>
<h2 id="why-you-should-use-a-password-manager">Why should you use a Password Manager?</h2>
<p>If someone has <code>9f00fd5dbba232b7c03afd2b62b5fce5cdc7df63</code>,
he will have a hard time recovering <code>P45sW0r|)</code>.</p>
<p>Let's choose SHA1 as the hash function.
Now the password for any website should
be of the form:</p>
<p><code lang="zsh">
sha1( master_password + domain_name )
</code></p>
<p>Where:</p>
<ul>
<li><code>master_password</code> is your unique master password,</li>
<li><code>domain_name</code> is the domain name of the website you want the password for.</li>
</ul>
<hr/>
<p>But what about website constraints?
For example, regarding the length of the password?
What do you do if you want to change your password?
What do you do if you want numbers or special characters?
This is why, for each website, I need some other parameters:</p>
<ul>
<li>the login name,</li>
<li>the password’s length,</li>
<li>the password number (in order to change it),</li>
<li>the output format: hexadecimal or base64.</li>
</ul>
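<p>The scheme above as a runnable Python sketch. This is an added example, not the code of YPassword itself: the order in which the login and the password number are appended to the hashed string, the stripping of base64 padding, and the sample master password and domain are all assumptions made for illustration.</p>

```python
import base64
import hashlib


def derive_password(master_password, domain_name, login="", length=10,
                    number=0, fmt="base64"):
    """Derive a site password from sha1(master_password + domain_name ...).

    Assumption: login and password number are appended after the domain,
    in that order; the article does not specify the exact layout.
    """
    if fmt not in ("hex", "base64"):
        raise ValueError("fmt must be 'hex' or 'base64'")
    # Password number 0 adds nothing, so the default case is exactly the
    # basic formula sha1(master_password + domain_name).
    suffix = str(number) if number else ""
    material = (master_password + domain_name + login + suffix).encode("utf-8")
    digest = hashlib.sha1(material).digest()  # 20 raw bytes
    if fmt == "hex":
        encoded = digest.hex()  # 40 characters, [0-9a-f]
    else:
        # 27 characters once the trailing '=' padding is removed
        # (assumption: padding is dropped so it never ends a password).
        encoded = base64.b64encode(digest).decode("ascii").rstrip("=")
    if not 1 <= length <= len(encoded):
        raise ValueError(f"length must be between 1 and {len(encoded)}")
    return encoded[:length]


if __name__ == "__main__":
    master = "constructed-master-password"  # constructed sample value
    for site in ("example.com", "example.org"):
        print(site, derive_password(master, site, login="alice"))
    # Changing the password for one site: bump the password number.
    print("example.com #1",
          derive_password(master, "example.com", login="alice", number=1))
    # A site that only accepts hexadecimal characters, full 40-char output.
    print("example.com hex",
          derive_password(master, "example.com", length=40, fmt="hex"))
```

<p>The same inputs always give the same password, so nothing has to be stored or synchronised between machines.</p>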
<h2 id="in-practice">In practice?</h2>
<p>Depending on my situation here are the tools I made <em>&amp;</em> use:</p>
<ul>
<li>On my Mac:
<ul>
<li>I use the dashboard widget <a href="http://yannesposito.com/Scratch/files/YPassword-1.6.zip">YPassword</a></li>
<li>Sometimes, some password fields forbid pasting. For times like this, I use this AppleScript-made tool: <a href="http://yannesposito.com/Scratch/files/forcePaste.app.zip">ForcePaste</a>. </li>
</ul>
</li>
<li>On my Linux Box: I use the script <a href="http://github.com/yogsototh/getpass">ypassword</a></li>
<li>On my iPhone: I use the <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=436268354&mt=8">YPassword app</a></li>
<li>On any other computer:
<ul>
<li><a href="http://yannesposito.com/Scratch/en/softwares/ypassword/web/">Cappuccino Made YPassword</a> Web application</li>
<li><a href="http://yannesposito.com/Scratch/en/softwares/ypassword/iphoneweb/">jQuery Made YPassword</a> Web application</li>
</ul>
</li>
</ul>
<p>My passwords are a copy/paste away in every environment I use. I have some services for which I have passwords of 40 characters.
Now I use 10 characters for most of my passwords.
Furthermore, using shorter passwords makes it even harder for an attacker to retrieve my master password.</p>
<p>I would be happy to hear your thoughts on using this methodology.</p>